Risk Management Content on InfoQ

  • Application Security Manager: Developer or Security Officer?

    The role of the Application Security Manager (ASM) should be the driving force of the overall code review process. An ASM should know about development processes, information security principles, and have solid technical skills. To get a good ASM you can either use experts from a service provider or grow an in-house professional from developers or security specialists.

  • Building Stronger Human Teams by Managing the Inner Lizards

    Each of us has an inner lizard that frets constantly about our safety. People come with brains that are pre-configured to scan everything you say for threats to their safety. Learning to recognize when you're operating under reptilian influence is a great start. This article introduces some techniques to help you manage the lizard within you along with those around you.

  • Signs You’re in a Death Spiral (and How to Turn It around before It’s Too Late)

    Don’t let feature work blind you. Enterprises are ramping up their software delivery to compete in the digital-first world. But more features and faster time-to-market can lead your business into a death spiral if you neglect technical debt and risk work. Learn how to use value stream metrics to identify whether your business is in danger and how to reverse the trajectory before it’s too late.

  • Kick-off Your Transformation by Imagining It Had Failed

    Large scale change initiatives have a worryingly high failure rate, the chief reason for which is that serious risks are not identified early. One way to create the safety needed for everyone to speak openly about the risks they see is by running a pre-mortem. In a pre-mortem, we assume that the transformation had already failed and walk backward from there to investigate what led to the failure.

  • Three Major Cybersecurity Pain Points to Address for Improved Threat Defense

    Three pain points every company must address in cybersecurity are threat volume and complexity, a growing cybersecurity skills gap, and the need for threat prioritization. This article describes each of these in some detail and includes recommendations for corporations to deal with them.

  • How Developers Can Learn the Language of Business Stakeholders

    This article explores how business stakeholders and developers can improve their collaboration and communication by learning each other's language and dictionaries. It explores areas where there can be the most tension: talking about impediments and blockers, individual and team learning, real options, and risk management.

  • Q&A on the Book Risk-First Software Development

    The book Risk-First Software Development by Rob Moffat views all of the activities on a software project through the lens of managing risk. It introduces a pattern language to classify different risks, provides suggestions for balancing risks, and explores how software methodologies view risks.

  • Sustainable Operations in Complex Systems with Production Excellence

    Successful long-term approaches to production ownership and DevOps require cultural change in the form of production excellence. Teams are more sustainable if they have well-defined measurements of reliability, the capability to debug new problems, a culture that fosters spreading knowledge, and a proactive approach to mitigating risk.

  • Cultivating a Learning Organisation

    This article explores how creating an internal culture of experimentation and learning enabled a company to keep pace with the rapid iterations in tech that have become the regular way we do business. It shows that psychological safety is a key component of the learning organisation; employees need to be able to experiment and learn from any outcome - without fear that failure will be punished.

  • Three Keys to a Successful “Pre-Mortem”

    Talking about what might go wrong acknowledges that many things are out of our control, and that we might mess up the things which are within our control. To have this conversation safely involves a structured activity called a pre-mortem. If held with some regularity, and always with creative problem solving time at the end, it can build a safe space for adaptation in the face of adversity.

  • What Should Software Engineers Know about GDPR?

    The EU General Data Protection Regulation (GDPR) is moving out of the transition period next summer to become enforceable. GDPR strongly emphasizes risk-based thinking; you take every step to mitigate privacy risks until the risks become something you can tolerate. As a software developer, this will affect you. This is what you need to know.

  • Q&A on The Antifragility Edge: Antifragility in Practice

    In the book The Antifragility Edge, Sinan Si Alhir shows how antifragility has been applied to help organizations evolve and thrive. He provides examples of how antifragility can be used beyond agility on an individual, collective (team and community) and enterprise level, and explores a roadmap for businesses to achieve greater antifragility.
