Free DevOps Tool for Calculating Development Waste
Some might hate me for saying it, but DevOps can sometimes be a bit of a politics game. When you’re working deep in the trenches, it can be difficult to convince upper management where you should be spending your time between new functionality and never-ending bug fixes.
Yesterday, during an RSA 2016 session on rugged DevOps, I learned about a neat web utility from Joshua Corman (@joshcorman), CTO of Sonatype, a company that focuses on software supply chain management. He’s also a great person to follow if you’re looking to learn more about DevOps and security best practices.
This free online calculator helps calculate developmental waste in your projects. Corman explained that today’s software development is similar to a supply chain, where software is built from several different components. Sonatype states that the challenge is “knowing which components you are using, where they are used and which ones have security vulnerabilities, license or quality issues.”
To better understand this, you can play around with the calculator to see how much technical debt you’re racking up for these security vulnerabilities. It’s common for management or clients to demand new functionality while fixes are put on the back burner. But with this free tool, you at least have some numbers to put things into perspective and engage in a thoughtful discussion on what needs to change. I hope that this tool sparks some valuable discussion about how quality, security, and agility can be improved for your products and services.
Stay tuned for more updates from RSA 2016. Feel free to let me know your thoughts about this tool in the article comments or reach out via Twitter (@blair_greenwood).