Security Updates [closed] - windows

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I have the triplet WIN/MAC/Ubuntu machines in my company.
I'm constantly getting security update messages for all of them.
My questions are:
How do Microsoft and the other companies find so many security holes?
Sometimes I find out that I forgot to update a machine for a long time, how really vulnerable am I during this time?
Can't hackers just study the security updates on a daily basis and try to exploit the machines that haven't been updated yet?
Thanks

> How do Microsoft and the other companies find so many security holes?
Usually, they don't. From my experience, vendors themselves often don't put a lot of effort into actively finding and fixing their own vulnerabilities.
However, there are a lot of security researchers who try to find vulnerabilities using some combination of reverse engineering (static binary analysis and dynamic run-time analysis) and fuzz testing to provoke misbehaviour, then evaluating the exploitability of the observed crashes.
The Zero Day Initiative is an example of a company that pays researchers and leaves vendors the time to fix found vulnerabilities before releasing details about them to the public (this process is called responsible disclosure).
> Sometimes I find out that I forgot to update a machine for a long time, how really vulnerable am I during this time?
It depends on the type of vulnerability, but usually the answer is "Very, very much".
> Can't hackers just study the security updates on a daily basis and try to exploit the machines that haven't been updated yet?
That's what they do. Often this is really easy, as proof-of-concept exploits for the patched vulnerabilities are publicly available. If this is not the case, it's at least possible to reverse-engineer the patches to get an idea of what the fixed vulnerability is. There's a BitBlaze subproject that presents a proof-of-concept of how this process can be automated.
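The fuzz-and-triage loop the answer describes, as an added example that is not part of the original post: the record format, both parsers and the seed input are constructed for illustration. The fuzzer mutates a valid input, treats a clean rejection as expected behaviour, and buckets anything else as a crash; the one check that separates the patched parser from the unpatched one is also the kind of change a patch makes visible.

```python
import random

SEED = b"RC\x05hello"  # constructed sample: magic "RC", length byte, payload

def parse_record(data: bytes) -> bytes:
    """Constructed toy parser with a planted bug: it trusts the length byte."""
    if len(data) < 4 or data[:2] != b"RC":
        raise ValueError("not a record")  # clean rejection, not a crash
    length = data[2]
    payload = data[3:3 + length]
    _ = payload[length - 1]  # out-of-range read when the length byte lies
    return payload

def parse_record_fixed(data: bytes) -> bytes:
    """Same parser after the patch: the declared length is validated."""
    if len(data) < 4 or data[:2] != b"RC":
        raise ValueError("not a record")
    length = data[2]
    if length == 0 or length > len(data) - 3:
        raise ValueError("declared length does not fit the buffer")
    return data[3:3 + length]

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Overwrite 1-3 random bytes and sometimes truncate the input."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    if rng.random() < 0.3:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)

def fuzz(target, seed: bytes = SEED, iterations: int = 2000, rng_seed: int = 1):
    """Return {exception type: first input that triggered it} for the target."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except ValueError:
            continue  # input rejected as designed
        except Exception as exc:  # anything else is an unexpected failure
            crashes.setdefault(type(exc).__name__, sample)
    return crashes

if __name__ == "__main__":
    print("before patch:", fuzz(parse_record))
    print("after patch: ", fuzz(parse_record_fixed))
```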

Related

Manage an old project with a successful story [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 3 years ago.
I came to a successful 4-year-old project; it is already in production.
The problem is that the project is not documented anymore; it depends on only 2 senior developers: they know the system, they test, they handle change requests.
I need to know what is the best practice, or what are the main steps that I have to do in order to document all the modules starting from high level design through component analysis & design, code comments, till the configuration management.
The traditional project management processes don't give me a clear idea of how to take back control of an old project.
Thanks.
Senior developers will easily get bothered if you make them write documentation all day long, so you may lose them in the end.
I would hire a technical writer / junior developer if I were you and give him or her this as a first task. I would also make him or her work closely with the senior guys, without taking too much of their time (like aggregating questions and having a one-hour session daily or something like that).
It will probably hurt in the beginning but if properly executed should prove a good choice at the end.
Note: The level of cooperation between your senior guys and the new guy that will be doing the documentation may vary depending on some internal "political" things, like whether the developers feel threatened by the fact that you are trying to make them less critical to the project, how overwhelming the new guy / gal is to them and so on. So answer those questions before going for it.
Once again - it is my personal opinion on the given topic and its success will definitely depend on various factors. So you should decide if it is a good way to go or not.

Software development cycle for a support team [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
Could anyone please suggest a software process suitable to the work our team?
1. We are a team of 6 developers (mostly juniors).
2. We are supporting the ordering system for an online book store (similar to Amazon books).
3. The system is already online and functioning.
4. Most of the work is task based. Sometimes there is a bug that needs immediate fixing or a new module that needs to be added to the system.
5. Most of the time each developer is working on a separate module or bug whose estimated time could range from a few hours to a few days.
6. Our customers (the management department) are located in another country (we are being outsourced) so requirements take a long time to verify or discuss.
7. You can view us mainly as a team of freelancers each waiting for a task to be handed to him. Sometimes if a big module is required 2 or 3 developers start working together on it, but that's when things start going bad as we lack a well defined software process to adhere to.
Notes:
The Waterfall model clearly fails in our case as our team is responsible for gathering the requirements, designing, coding and testing everything.
We tried adopting Agile practices, but it was a complete failure mainly because of points 4, 5 & 6. There is no iteration or prototypes in our work.
So we are looking for a software process that can help us organize our work and provide an acceptable output.
You say you're mainly Juniors. So, learn to walk before you try to run. I suggest you try a staged delivery model. And I also suggest you try reading this book:
http://www.amazon.com/Software-Project-Survival-Guide-Practices/dp/1572316217
I suggest using TFS Express. It's free and has an Agile management tool. It's still in beta, but Microsoft gives it a "Go Live" tag, so you can work with it and upgrade your work when the RTM is released.
You can download it from here
http://www.microsoft.com/visualstudio/11/en-us/downloads#tfs-express
I would strongly suggest RUP (Rational Unified Process).
The reasons being:
Concurrent phases can go on, with part of the team doing one phase while other developers work on a different thing.
You will follow RUP increments, where a developer who finds solutions to bugs can move to the next increment while part of the team is still working on the previous increment.
It's highly adaptive and flexible and will help you a lot with different threads going on within the project.
Previously it was closed source, although IBM donated it to open source in 2005, and
here's a great presentation that will surely help you understand it better:
http://www.perftestplus.com/resources/rupfordummies_ppt.pdf
Hope it helps!!

Agile Requirements Up-front [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 5 years ago.
I understand that it is better to discover requirements through iterative approaches in Agile, however I often hear of people rejecting projects on the basis that they are given up-front requirements.
Why is this the case? Why can't up-front requirements just be taken as-is, e.g. just added to a product backlog and then prioritized and implemented?
There's nothing wrong with up-front requirements. In fact it helps to know where you're heading before you set sail!
Agile is a lot about being able to be adaptable, so that should requirements change you're not locked into something you don't want.
The kind of up-front requirements that would cause a developer to think twice about a project would be those which indicate that the client is likely to be a nightmare to work with:
an obsession with one particular, unsuitable technology or presentation style
insisting on 'security' with glaringly obvious vulnerabilities
In an agile project, it's good to show a client the current state of the partially working system at an early stage, and get feedback, using this information to help design the subsequent parts of the system. If a client is too fixed on ideas of the final product then they might not be able to give useful feedback at this stage, and the final product may be not as good as it could have been.
This is something that can be quite problematic with Agile. Some teams will use it as an excuse to not have a plan as they want to be 'adaptable'. Requirements can help to focus on the software architecture, which is something else that is not always given much focus in some Agile teams. It is points like these that lead me to believe that Agile should just be principles but not a methodology. Digital Animal wrote an interesting article about how Agile can be used in such a way that it stops being effective. For some teams, it is better to learn from what is great about Agile and use it to build a methodology that works for them. http://digitalanimal.com/blog/slaying-the-agile-dragon-the-game-of-thrones-methodology/?AT=CZcb6f

Development schedule for web applications? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 3 years ago.
I am looking for some kind of solution to take care of development scheduling for web applications. How do the big guys in the industry handle this?
Is it all about SVN and bug trackers for them?
I'm not doing web development myself, but I assume that the approach for web development is exactly the same as for other big developments (which my team IS doing). In that case, the following tips might help:
Use version management (SVN, ...)
Be agile (this is also resembled by the following points)
Make a mixed team (developers, testers, designer, functional responsibles, ...) that all work as an integrated team on the same subject. Make sure the whole team communicates.
Make everyone responsible for the whole project. Never blame individuals if things go wrong.
Be sure the whole team knows the status of the project: where are we, what should still be done, ... Make everything visual by sticking graphs and sheets to your office wall.
Keep the time between 'raised questions or raised problems' and the answer or solution short. E.g. if a bug is found, log it immediately and try to solve it as soon as possible.
Develop incrementally. Don't develop for several months and then start testing, but make sure you have a working copy every day.
Split development/design/... tasks in smaller tasks that can be developed incrementally (see previous point) and in a minimal amount of time (a day or a few days).
Automate tests as much as possible.
Use continuous integration (where the tests are run at every commit in the version management system)
As a manager, support your team.
Focus
Shield the people of the team from all kind of problems not directly related to the project (e.g. PC problems, printer problems, ...). Choose a 'scrum manager' that solves all these annoying problems for the team.
Demonstrate the results at regular intervals to your customer, your boss, ...
Give a reception if an important milestone is reached.
There are probably many more tips. Therefore, read a good book about managing software development. There is probably no essential difference between web development and other software developments.

Bug tracking/forums/etc when client wants to hide me from customers [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
This question does not appear to be about programming within the scope defined in the help center.
Sorry for the vague title, if anyone can think of a better one please feel free!
My company is negotiating providing a small dev team (me as PM + 2 or 3 devs) to a client. However he's not the customer, his client is. It's important to him to be providing the software services to the customer, he doesn't like to tell them he has outsourced this (to avoid looking less critical to the project, I theorise).
I want to have a bug-tracking/project-managing tool for my company, which lets clients/customers log bugs and access discussion forums, etc. That's fine as far as letting my client access my tool, but he doesn't want to direct his customers to mycompany.fogbugz.com.
Are there any neat solutions to this, other than him having one tool set up customer-facing and me having my tool, and us manually replicating things between them?
Or, are there any tips how I can persuade my client it's not a problem in the first place?
I think you really have to think about the risk of your employer "hiding" you from the customer. There are many risks there and the customer would likely be better served if you and your employer were open and up-front with them.
Likely your employer is concerned about being "left out" of the project and you managing the entire process. Perhaps he/she is also concerned that you will ruin the relationship or steal the client from them. The best way for you to deal with these concerns is build trust in the relationship. This of course takes time but then start working on your employer to help them understand that open and clear communication is a key pillar of project success. If you provide the end-customer with access to your bug tracking/PM tool as well as your employer then it's a win/win for everyone.
This way the customer gets quicker bug tracking and enhanced visibility. You get a more efficient workflow in your process. Your employer will therefore have a happier customer, a happier contractor (you) and therefore a successful, reference-able project.
