Thursday, June 12, 2008
10:15 a.m.

MANAGING PROJECTS AND TEAMS
Fifteen Tips for Speeding up Your Project
Johanna Rothman, Rothman Consulting Group, Inc.
Faster is better for software projects—if
and only if all the right elements are in place and ready to go. Sometimes your
organization is in a sweet spot—that period of time when your project should
start immediately. Other times, it’s better to wait. Join Johanna Rothman
to discover how to decide whether your project is ready to go, including how to
help your managers define the project portfolio to see where your project fits in
and how it supports your organization’s goals. Johanna discusses fifteen ways
to measure and steer projects to help you get to the end faster. Learn about rolling
wave scheduling, continuous integration, time-boxing, and much more. In this interactive
session, you’ll discuss the meaning of “done” so you can help
the team finish a project sooner and avoid having it drag on. Although you don’t
have to use all of the tips, the more you use, the faster your project will run.
Johanna Rothman helps managers define and solve problems. She assists
managers, teams, and organizations to become more effective. Johanna has helped
engineering organizations, IT organizations, and startups hire technical people,
manage projects, and release successful products faster. Johanna is the author of
Manage It! Your Guide to Modern Pragmatic Project Management and Hiring
the Best Knowledge Workers, Techies & Nerds: The Secrets and Science of Hiring
Technical People, and coauthor with Esther Derby of the pragmatic Behind
Closed Doors, Secrets of Great Management. Johanna is a host and session leader
at the Amplifying Your Effectiveness (AYE) conference.

Your Attention Please: Concentration is a Learnable Skill
Lee Devin, Swarthmore College
With the possible exception of the fakir
walking barefoot on a bed of nails, no one can focus attention on a single object
for more than about fifteen seconds. There’s a practice, though, that anyone
can learn to accommodate this fact and go on to solve vexing problems quickly and
creatively. Lee Devin borrows from the skills that actors develop to direct their
attention so their mind and body behave as if the imaginary world they've created
is real. Similarly, when you watch a good movie or read a great novel, you direct
your attention with single-minded intensity. Using theatre exercises, Lee introduces
you to the techniques of warm-up and the skills of concentration. Although simple,
they're by no means easy. Learn and practice these mind-bending exercises and take
away a powerful tool that can increase your concentration both at work and in your
personal life.

Lee Devin taught theatre at the University of Virginia (1962-66), Vassar College (1966-70),
and Swarthmore College (1970-2002). In 1975, he became a member of the artistic
staff of the People’s Light and Theatre, acting, teaching acting, and doing
dramaturgy; currently he’s the Senior Dramaturg. With Rob Austin of the Harvard
Business School, Lee wrote Artful Making; What Managers Need to Know about
How Artists Work, published in 2003. In 2005, it won LMDA’s Elliott Hayes
Award for dramaturgy. Lee is at work on writing projects that not only interfere
with his trout fishing but also cause him to neglect his grandchildren.

Continuous Integration: The Cornerstone of a Great Shop
Jared Richardson, 6th Sense Analytics
Jared Richardson believes that of all
the development practices being promoted today the best single practice is continuous
integration. It's a simple concept—you run a software program that monitors
your source code in an automated version control system. When anything changes,
your code is automatically checked out, re-built, and all the automated tests are
re-run. Continuous integration gives you an early warning if anything in the most
recent changes broke the software. Continuous integration forces you to use 100
percent source code management and demands a solid, automated build script. It provides
a framework for your automated tests to grow, live, and thrive. Continuous integration
becomes a new “team member” who keeps a constant eye on your code and
provides the reminders you need to keep the product solid and your team on track.
Join Jared to learn the steps to introduce continuous integration into your shop
and how to set it up yourself.
Jared Richardson, co-author of Ship
It! A Practical Guide to Successful Software Projects, is a regular conference speaker
and an agile coach at 6th Sense Analytics. Jared has been in the industry for more
than fifteen years as a consultant, developer, tester, and manager. Until recently,
he was an independent consultant focused on helping teams build better software.
He's now bringing that same focus to 6th Sense Analytics and its clients, using
both the 6th Sense toolset and his unique experience. Jared can be found online
at www.AgileArtisans.com and www.6sa.com/blog.

The Uncertainty Surrounding the Cone of Uncertainty
Todd Little, Landmark Graphics
Barry Boehm first defined the “Cone
of Uncertainty” of software estimation more than twenty-five years ago. The
fundamental aspect of the cone is quite intuitive—that project uncertainty
decreases as you discover more during the project. Todd Little takes an in-depth
look into some of the dynamics of software estimation and questions some of the
more common interpretations of the meaning of the “cone.” Todd presents
surprising data from more than one hundred “for market” software projects
developed by a market-leading software company. He compares their data with other
published industry data. Discover the patterns of software estimation accuracy Todd
found, some of which go against common industry beliefs. Understanding the bounds
of uncertainty and patterns from past projects helps us plan for and manage the uncertainties
we are sure to encounter. Take back a collection of measures and metrics you can
use to track and analyze uncertainty in your current and next project.

Todd Little is a senior development manager for Landmark Graphics Corporation. For more than
twenty-five years, he has been involved in almost all aspects of software development
with a focus on commercial software applications. Todd is on the Board of Directors
for the Agile Alliance, a co-author of the Declaration of Interdependence
for Agile Project Leadership, and a founding member and current president of the
Agile Project Leadership Network (APLN). Todd is a well-known speaker and writer
on software engineering topics, including business value, uncertainty, complexity,
and leadership.

A Toolkit for Assessing SOA Readiness
Jerry Smith, Symphony Services
Before charging “full speed ahead”
into the land of service-oriented architecture (SOA), you need help to ensure success
and mitigate the risks inherent in such major systems changes. Jerry Smith provides
proven tools for assessing SOA readiness and outlines the essential steps to implementing
SOA. Jerry presents reference SOA architectures that demonstrate solid standards
and specifications to compare with your implementation plans. He introduces an SOA
Maturity Model to help you understand your current organizational and technological
state. The SOA Maturity Model is a communications tool that outlines how the organization’s
SOA implementation will evolve along both business and technical lines. Jerry outlines
the various stages the model entails and how to apply it so that technical and organizational
changes are easily coordinated across the enterprise. With this new toolkit in hand,
you can deliver a clear action plan to drive the improvements only SOA makes possible.
Jerry Smith draws from more than twenty-five years of
experience as a technology innovator and IT strategist to help Symphony Services
and its clients derive business benefit from adopting critical technologies. He
has a Bachelor of Science degree in electrical/electronics engineering from California
State Polytechnic University, Masters and post-doctoral degrees in computer science
from NOVA Southeastern University, and a Naval nuclear power degree from the United
States Navy. Jerry is an adjunct assistant professor at Drexel University and an
adjunct professor at NOVA Southeastern University.

Software Security Assessment: The Naked Truth
Herbert Thompson, People Security
With software running our most critical
business processes, we need to think about both its utility and the risk it can
add to those processes. Hugh Thompson describes some of the best current techniques
to efficiently assess software security risk. Hugh identifies the biggest risks
to your software systems, presents the major categories of security vulnerabilities
with their business consequences, and how you can begin an effective software risk
assessment process. Specifically, Hugh discusses the 17 critical questions to ask
vendors, software component suppliers, and software-as-a-service (SaaS) providers
about their product before you commit to using it. He describes how to benchmark
your own software security practices, the top application security flaws that put
your business at risk and their symptoms. You’ll also learn to make more security-savvy
software acquisition, development, and outsourcing decisions.
An expert on application security and testing,
Herbert (Hugh) Thompson is Chief Security Strategist at People
Security (www.peoplesecurity.com).
He has co-authored several books and more than eighty academic and industrial publications
on security. In 2006, he was named one of the “Top 5 Most Influential Thinkers
in IT Security” by SC Magazine and was featured (along with Harri Hursti)
in “Hacking Democracy,” the Emmy-nominated HBO documentary on e-voting
vulnerabilities. On AT&T’s tech channel (techchannel.att.com), he currently
hosts “The Hugh Thompson Show,” which features industry luminaries in
IT security. Hugh earned his Ph.D. in Applied Mathematics from Florida Institute
of Technology where he remains on the graduate faculty.

SOX and HIPAA and RESPA, Oh My! Mastering Software Compliance
Elle Ringham, Cognizant
Determining whether legal and contractual
issues apply to your development efforts isn't always simple. There may be some
obvious factors—industry regulations, service level agreements (SLAs), and
state or federal agency oversight. However, other factors may not be so obvious.
Even today, the Sarbanes-Oxley Act is largely legally untested, subjecting your
company to unknown legal risks. Examining legal, compliance, and audit issues throughout
the QA process lifecycle, Elle Ringham discusses the right questions to ask and
what to do with the answers. She provides guidelines you need to work with stakeholders,
developers, attorneys, and auditors. Incorporate legal requirements and compliance
issues as part of the architecture, development process, and for all strategic business
initiatives. Take away audit templates, metrics to help you know where you stand,
and sample reports you may need to produce in your current or next project.
Since 1990, Elle Ringham, JD, has
been involved in quality assurance and quality management. Since graduating from
law school, she has incorporated compliance, audit, SLA enforcement, and measurement
into her QA practice. Elle considers education, coupled with a structured process
improvement, to be the most effective way to introduce true quality assurance and
quality management into an organization. Her approach ensures buy-in and support
from everyone—stakeholders, executives, corporate counsel, developers, and
QA resources.

Thursday, June 12, 2008
1:00 p.m.

MANAGING PROJECTS AND TEAMS
Beyond the Mission Statement: How Values Drive Behavior
Michele Sliger, Sliger Consulting
Companies often invest a lot of time
and money into defining their mission statement, expecting it to drive employee
behavior toward the stated purpose. Unfortunately this is a myth. Instead it is
values that drive behavior, and corporate values are often not part of the mission
statement. We’ll look at what other companies have posted as their mission
statement and their values and how that has affected their business. We’ll
walk through a common example of how a mission statement without values can lead
to project failures. You’ll find out how to determine what your company values
and how to compare that to what you value—and what to do if they are different.
Most importantly, learn how to apply what you’ve learned in your own situation.
See how to define values at the team level, a must in order to ensure effective
working relationships and that the right actions are taken by everyone to achieve
project goals. You’ll learn visioning exercises that you can conduct with
your team, and on your own—so you can better understand what you personally
value, how that guides your behavior, and what you plan to do about it.
For the past eight years—of
her more than twenty years in software development—Michele Sliger
has been embracing change with agile methodologies. Coauthor of the forthcoming
book The Software Project Manager’s Bridge to Agility and a self-described
“bridge builder,” her passion lies in helping those in traditional software
development environments cross the bridge to agility. Michele consults to businesses
ranging from small start-ups to Fortune 500 companies, helping teams with their
agile adoption and organizations with the changes that agile adoption brings. A
regular contributor to StickyMinds.com, Michele is a certified Project Management
Professional (PMP)® and a Certified Scrum Trainer (CST). She can be reached at
[email protected].

The Leadership Imperative: Creating a Culture of Trust
Pollyanna Pixton, Accelinnova
In our personal and business lives,
many of us know leaders who successfully foster environments of incredible creativity,
innovation, and ideas—while other leaders try but fail. So, how do the top
leaders get it right? Going beyond the basics, Pollyanna Pixton explores with you
the ways that the best leaders create “safety nets” that allow people
to discover and try new possibilities, fail early, and correct faster. Removing
fear and engendering trust make the team and organization more creative and productive
as they spend less energy protecting themselves and the status quo. Pollyanna shares
the tools you, as a leader, need to develop open environments based on trust—the
first step in collaboration across the enterprise. Learn to step forward and do
the right thing without breaking trust. Find out when and how to acknowledge and
reward trust in your team and organization.
An international collaborative leadership expert, Pollyanna
Pixton developed the models for collaboration and collaborative leadership
through her thirty-five years of working inside and consulting with corporations
and organizations. She helps companies create workplaces where talent and innovation
are unleashed—making them more productive, efficient, and profitable. Pollyanna
is a founding partner of Accelinnova, president of Evolutionary Systems, director
of the Institute for Collaborative Leadership, and co-author of the forthcoming
book, Stand Back and Deliver, A Leader's Guide to the Agile Enterprise
due out in November 2008. She co-founded the Agile Project Leadership Network (APLN)
and chaired the Agile 2006 Leadership Summits in London and Minneapolis. Contact
her at [email protected].

The Impact of Poor Estimating and How to Fix It
Mitch Lacey, Ascentium
Running Scrum by-the-book for three
months, the team was continually failing to meet its delivery commitments. As a
result, trust between the business managers and the team degraded almost to a point-of-no-return.
Even holding bi-weekly retrospectives, the team could not pinpoint the problems
causing their inability to release iterations on time. Mitch Lacey was asked to
assist the team in finding the root causes of the problems. He analyzed multiple
aspects of the project—from individual work items to planning meetings. Multiple
issues were identified, but one thing stood out above all others—the estimation
process they used had caused the team to miss its deadlines again and again. Mitch
discusses the estimation problems the team was having, how they were fixed, and
the resulting improvements in customer satisfaction and value delivered. He presents
new concepts, ideas, and techniques to help you improve your estimating practices
and outlines the benefits of employing collaboration tools in the process.
A technical project manager with
Ascentium Corporation, Mitch Lacey has managed both
plan-driven and agile projects during his ten-plus year career. Mitch honed his
agile skills at Microsoft Corporation, where he successfully released large backend
core services for Windows Live. He then transitioned roles from program manager
to agile coach, working hand-in-hand with other groups throughout their transition
to agile practices. Mitch is a registered Project Management Professional (PMP)®
and a Certified Scrum Trainer (CST).

Function Point Analysis: A Quick and Easy Primer
David Garmus, The David Consulting Group
David Herron, The David Consulting Group
The function point metric is used by many organizations worldwide to more accurately
size systems. Knowing the size of a system allows developers to better meet customer
demands of functionality within time and budget and communicate about these issues
with the system “owners.” Based on the latest version of the International
Function Point Users Group (IFPUG) Counting Practices Manual, David Garmus and David
Herron provide a detailed explanation of the rules engineers must follow to accurately
count function points. Join them to learn the value and use of function points within
an overall software measurement program and the basics of how and when to use function
point analysis (FPA). Examine real-world examples of software to see how to identify
the different functional components according to the IFPUG’s FPA standards. To
assist them in applying IFPUG rules for counting function points, all participants
will receive a Certified Reference Card.
David Garmus is a founder of The
David Consulting Group (an SEI CMMI® Approved Transition Partner) and supports
software development organizations in achieving software excellence with a metric-centered
approach. David is an acknowledged authority in the sizing, measurement, and estimation
of software application development. He is a past president of the International
Function Point Users Group (IFPUG) and a member of their Counting Practices Committee.
David has spoken at numerous conferences and written many articles and several books.

David Herron is an acknowledged
authority in the use of metrics to monitor the impact of Information Technology
(IT) on the business and on the advancement of IT organizations to higher levels
of software process maturity. He is a noted author and lecturer and has addressed
audiences throughout the US and Europe on performance measurement, software process
improvement, and outsourcing governance. With David Garmus, David Herron has co-authored
two books on functional measurement. David Herron’s current engagements include
senior-level consulting and coaching on matters relating to organizational change
management, team, and individual mentoring.
SOA Testing Challenges and Proven Practices
Guruprasad Gopalakrishnan, Wipro Technologies
The best thing about Service Oriented
Architecture (SOA) is its flexibility—a heterogeneous computing environment
in which different services and service providers can use different technologies;
loose coupling of components to allow any application to make use of service capabilities;
and ad-hoc integration of applications within and across organizations. However,
from a tester’s perspective, these very advantages make the testing of Web
services and SOA-based applications highly complex. Testing Web services through
the front-end of applications is usually ineffective. Tracking defects to their
source is difficult because of the layered application designs. Instead, you must
design and execute mostly non-functional tests for compliance to standards, interoperability,
security, reliability, and performance. Join Guruprasad Gopalakrishnan to find out
about the challenges inherent in SOA testing, discover the tools available to help
you in your quest, and go home with a “tested” approach you can use
to optimally confirm SOA operations.
A lead consultant at Wipro Technologies, Guruprasad Gopalakrishnan
leads the SOA testing initiative within its Testing Services division. He has twelve
years of experience in the IT industry in various software testing roles. Guruprasad
has managed testing projects in the banking, financial services, and insurance industries
for various clients worldwide and has performed numerous test process and test automation
assessments.

Automating Security Testing with cUrl and Perl
Paco Hope, Cigital
Although all teams want to test their
applications for security, our plates are already full with functional tests. What
if we could automate those security tests? Fortunately, most Web-based and desktop
applications submit readily to automated testing. Paco Hope explores two flexible,
powerful, and totally free tools that can help to automate security tests. cUrl
is a free program that issues automatic basic Web requests; Perl is a well-known
programming language ideally suited for writing test scripts. Paco demonstrates
the basics of automating tests using both tools and then explores some of the more
complicated concerns that arise during automation—authentication, session
state, and parsing responses. He then illustrates simulated malicious inputs and
the resulting outputs that show whether the software has embedded security problems.
The techniques demonstrated in this session apply equally well to all Web platforms
and all desktop operating systems. You'll leave with an understanding of the basics
and a long list of resources you can reference to learn more about Web security
test automation.
A managing consultant at Cigital, Paco
Hope has more than twelve years of experience in software and operating
system security with areas of expertise in software security policy, code analysis,
host security, and PKI. Paco has worked significantly with embedded systems in the
gaming and mobile communications industries and has also served as a subject matter
expert on issues of network security standards in the financial industry. Prior
to joining Cigital, he served as director of product development for Tovaris, Inc.,
and head systems administrator in the Department of Computer Science at the University
of Virginia. Paco is co-author of Mastering FreeBSD and OpenBSD
Security.

Real Software QA
Linda Westfall, The Westfall Team
With the ever-increasing demand for
software products, it is imperative for organizations to move away from trying to
“test in” software quality and move toward adopting a comprehensive,
total-life cycle software quality management approach. Such an approach is the basis
of real software quality assurance (QA)—all the planned and systematic actions
necessary to provide confidence that a system will perform satisfactorily in production.
In contrast to software quality control (QC), which consists of detection activities
such as testing that are product focused, software QA is process focused. Software
QA includes defining, establishing, and monitoring the control practices that ensure
policies, systems, and processes are effective and efficient across the entire software
development life cycle. Linda Westfall focuses on defining the elements and techniques
of a comprehensive software QA program. Her goal is to help you identify gaps and
process improvement opportunities in your organization’s software QA activities.
Linda Westfall is the president of The Westfall Team, which provides
software engineering, quality and project management consulting, and training services.
Prior to starting her own company, Linda was senior manager of quality metrics and
analysis at DSC Communications, where her team designed and implemented a corporate-wide
metrics program. An ASQ Certified Software Quality Engineer, Linda has more than
thirty years of experience in real-time software engineering, quality, and metrics.
Linda Westfall is a past chair of the ASQ Software Division and has served as the
Software Division’s Program Chair and Certification Chair and on the ASQ National
Certification Board.

Thursday, June 12, 2008
3:00 p.m.

MANAGING PROJECTS AND TEAMS
Maximizing ROI on New Technology Acquisition
Chris Ronak, Agile Thinking Inc.
IT departments and software technologists
must invariably navigate many challenges when planning to acquire new tools, invest
in new technology, fund new technology projects, and introduce process changes.
How do you get the most out of these investments without upsetting existing mission-critical
processes or projects? Subsequently, how do you rapidly turn your new technology
into a successful release that augments your product suite? Chris Ronak shares his
experiences and offers his recommendations on how to best integrate newly acquired
technology into mainstream development processes and projects. A strategic acquisition
must provide missing functionality that enhances your existing product suite or
technical framework—and it must be implemented without hindering or stopping
progress on other business-critical projects. Join Chris to explore ways to build
an extensible core technology framework that allows you to successfully integrate
new technology and innovative practices into your existing development organization.
Chris Ronak has worked in management and as a programmer in telecoms,
banking, oil and gas, and GIS in Canada, US, Germany, and the UK for more than eighteen
years. He has worked with numerous technology departments that have ambitiously
and optimistically tried to acquire or change their technology—often with
undesirable results. Chris pursues the responsibility for implementing new technologies
and methodologies and has demonstrated the ability to translate these changes into
positive results.
An Alternative to Consensus: Accelerating Effective Decisions
Michele Sliger, Sliger Consulting
Software development teams don’t
always need, want, or have time to make decisions via group consensus. And project
leaders often already feel over-burdened with the multiple decisions they have to
make on their own. But there is a middle path—an alternative to consensus—in
which shared responsibility for decision-making provides for input from many and
one voice to represent the team and make the final choice. In this decision-making
process, a team member volunteers to be the decision-maker on a particular issue
with only one mandatory rule—seek guidance. The greater the impact the decision
will have on the organization, the wider the quest for advice must be—all
the way to the board of directors, if appropriate. Join Michele Sliger to learn
how this approach to decision-making might be right for your organization.
For the past eight years—of
her more than twenty years in software development—Michele Sliger
has been embracing change with agile methodologies. Coauthor of the forthcoming
book The Software Project Manager’s Bridge to Agility and a self-described
“bridge builder,” her passion lies in helping those in traditional software
development environments cross the bridge to agility. Michele consults to businesses
ranging from small start-ups to Fortune 500 companies, helping teams with their
agile adoption and organizations with the changes that agile adoption brings. A
regular contributor to StickyMinds.com, Michele is a certified Project Management
Professional (PMP)® and a Certified Scrum Trainer (CST). She can be reached at
[email protected].

Test-Driven Analysis: Focus on the User, Not the Code
Ken Pugh, Net Objectives
Test-driven analysis (TDA) focuses on
the system at the user interface level. By concentrating on scenarios from the users’
point of view, TDA examines the inputs and outputs of a system and how the state
of that system changes as a result of actions performed on the system. Further,
TDA concentrates on creating tests that help developers and business analysts understand
the problem domain and the system requirements. Ken Pugh explores how tests created
during TDA efforts relate to user acceptance tests and how the TDA tests can propagate
to those created in a test-driven development framework. Together with Ken, you’ll
create analysis tests for a sample system and differentiate between various types
of tests—acceptance, analysis, and design. This class is about the process
of inquiry we need during analysis to answer the question “I know you’re
ready for testing, but what are you testing for?”
A fellow consultant with Net Objectives,
Ken Pugh ([email protected])
consults, trains, mentors, and testifies on technology topics ranging from object-oriented
design to Linux/Unix to the system development process. He has written several programming
books, including the Jolt Award winner Prefactoring and has served clients
from London to Sydney. When not computing, Ken enjoys snowboarding, windsurfing,
biking, and hiking the Appalachian Trail.

Deception and Estimation: How We Fool Ourselves
Linda Rising, Independent Consultant
Cognitive scientists tell us that we are hardwired for deception. It seems we are
overly optimistic, and, in fact, we wouldn't have survived without this trait. With
this built-in bias as a starting point, it's almost impossible for us to estimate
accurately. That doesn't mean all is lost. We must simply accept that our estimates
are best guesses and continually re-evaluate as we go, which is, of course, the
agile approach to managing change. Linda Rising has been part of many plan-driven
development projects where sincere, honest people with integrity wanted to make
the best estimates possible and used many “scientific” approaches to
make it happen—all for naught. Re-estimation was regarded as an admission
of failure to do the best up-front estimate and resulted in a lot of overhead and
meetings to try to “get it right.” Offering examples from ordinary life—especially
from the way people eat and drink—Linda demonstrates how hard it is for us
to see our poor estimating skills and helps us learn to avoid the self-deception
that is hardwired in all of us.
Linda Rising has a Ph.D. from
Arizona State University in the field of object-based design metrics and a background
that includes university teaching and industry work in telecommunications, avionics,
and strategic weapons systems. An internationally known presenter on topics related
to patterns, retrospectives, and the change process, Linda is the author of
Design Patterns in Communications, The Pattern Almanac 2000, A Patterns Handbook,
and co-author with Mary Lynn Manns of Fearless Change: Patterns for Introducing
New Ideas. Find more information about Linda at www.lindarising.org.

The Challenges of SOA Security
Jimmy Xu, CGI, Inc.
Service Oriented Architecture (SOA)
has many security challenges. To address these challenges, it is not enough to set
up a secure operational infrastructure. SOA security must be implemented in all
key areas of software development—architecture, design, platform, governance,
requirements, development, and testing. Jimmy Xu discusses today’s SOA security
challenges and explains why it is important to address these challenges inside software
development. He presents the latest security practices: standards compliance; review
of architectural blueprints and SOA platforms; secure SDLC process; threat modeling;
secure coding; and security testing. This session not only prepares you to delve
into the details of SOA security methodology, process, and techniques, but also
gives you the background information you need to plan and scope security assurance
activities in your SOA development projects.

Jimmy Xu has many years of experience developing enterprise applications
for manufacturing, financial, and telecom clients. He has worked on application
security, performance tuning, and network infrastructure and security. Jimmy designed
and implemented the core functions of Canada's first Internet child safety solution
and presented a paper on Java application performance tuning at the 2006 JavaOne
Conference.

Fuzzing: New Tests for Robustness and Security
Ari Takanen, Codenomicon
Traditional security measures are doomed
to fail because they are focused only on defending against known attacks—and
studies show that more than 80 percent of software will likely crash when extensive
negative testing is employed. Fuzzing is a new, proactive technique for discovering
security vulnerabilities and robustness issues in software. Although fuzz testing
is most often based on some form of syntax checking, random input testing also can
be appropriate. Fuzzing is valuable during development when application testers
use the technique to surface issues and in production when security testers use
it for audits. Any type of system can be fuzz tested—from enterprise solutions
to consumer products such as mobile phones and set-top TV cable boxes. Ari Takanen
discusses the origins of fuzzing, explains the different technologies used by fuzzers,
and identifies current fuzzing tools, their uses and limitations. Ari describes
various metrics related to fuzzing that allow you to measure effectiveness and compare
the efficiency of various tools.

Founder and CTO of Codenomicon, Ari Takanen has been researching
information security issues since 1998. His work aims to provide a means of measuring
and ensuring quality in networked software. Ari is one of the people behind the
PROTOS research that studied information security and reliability errors in WAP,
SNMP, LDAP, and SIP implementations. His company provides automated tools with a
systematic approach to test a multitude of interfaces on mission-critical software.

Scenario-Based Architecture Reviews: A Quality Process
Kevin Bodie, Pitney Bowes
Quality attributes—performance,
scalability, availability, maintainability, etc.—are often referred to as
the non-functional requirements. Unfortunately, these critical factors often are
specified through vague platitudes rather than explicit statements. Participatory,
scenario-based architecture reviews are essential to determine if the architecture
meets the system’s quality attributes as well as the functional requirements.
Scenario-based architecture reviews rigorously examine the characteristics of the
system to determine strengths, limitations, operating bounds, and overall requirements
satisfaction. Results include the impact on and risk of architectural choices for
the system. Kevin Bodie details the architecture review planning process, illustrates
its execution, and shows you the results with specific deliverables—the Architecture
Readout Presentation and Executive Architecture Readout. Kevin presents real-world
examples of these deliverables and offers you a review process model to implement
in your organization.

Kevin Bodie is a software development director at Pitney Bowes Emtex.
His team develops Automated Document Factory solutions targeted to leading-edge
production mailers. Kevin has held a variety of development and technical management
positions in his career and has developed motion control systems, large-scale control
systems, as well as Internet and Enterprise systems. Kevin has written for
Internet Week, Leadership in Action, and InfoWorld, appearing on its cover.
Kevin has received eight US Patents and is a member of the IEEE and the IEEE Computer
Society.