-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Addressing the first question on #180
- Loading branch information
Showing
1 changed file
with
11 additions
and
4 deletions.
There are no files selected for viewing
15 changes: 11 additions & 4 deletions
15
...m-Audio/to-fix-transcription/AppSec/Measuring companies application security.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,17 +1,24 @@ | ||
| **Measuring companies application security** | ||
|
|
||
| Reviewing company's technology to understand their future. As more and more companies upload their technology, and in fact as more investment is now being tied or good investment is being tied to the quality of similar technology, there is a need for an independent service or a company to have independence to actually provide analysis of company's technology stacks. | ||
| Reviewing company's technology to understand their future. As more and more companies depend on their technology, and in fact as more investment is now being tied or good investment is being tied to the quality of similar technology, there is a need for an independent service or a company to have independence to actually provide analysis of company's technology stacks. | ||
|
|
||
| And this is something that a typical analyst could be doing, and what they should be measuring is the maturity of their software development and the maturity of their environment. | ||
|
|
||
| And this should all be done using public information. This is one of those cases where you have to back it up by evidence, so the only way you can have good evidence is to have things on the record that are explicit which basically then means that you have a situation where even the analysis can be backed by data. | ||
|
|
||
| So, in a way the power of the analysis entity is that it takes the time and it has the ability to create peer reviewed, easy to measure, easy to understand analysis of companies. | ||
|
|
||
| And let us even take a view from investments, these days it is easier and easier for people to invest in companies. We should be able to get a good metric, a good understanding of some of these companies, the really old technology stack versus how much are they really flying heavy can to their seed, how much are they really basking the whole thing because you know that what is going to happen. Is as soon as they hit scale ability problems, they will struggle and they can't re-factor. | ||
| And let us even take a view from investments, these days it is easier and easier for people to invest in companies. | ||
|
|
||
| So, if you have a company which is going very fast, it makes some massive difference if they are on a scale able platform or not. In fact, if the idea that it is at the earliest stages of the company that you really want to be investing in technology, you really want to be sure you are going on the right direction, you control your self to it. | ||
| We should be able to get a good metrics of what is going on. We need a good understanding of what is happening inside these companies. For example: | ||
| - are they using an old technology stack | ||
| - how much are they really investing on it | ||
| - how much are they really busking the whole thing (because you know that what is going to happen) | ||
| - are they having have scalability problems cause by past architectural decisions | ||
| - are they able to refactor the code and keep it clean/lean and focused on the target domain models | ||
|
|
||
| So, if you have a company which is going very fast, it makes some massive difference if they are on a scalable platform or not. In fact, if the idea that it is at the earliest stages of the company that you really want to be investing in technology, you really want to be sure you are going on the right direction, you control your self to it. | ||
|
|
||
| Versus at a later stage where you can then figure out when you are successful. So, in a way the times where in the past you could grow a company and then actually have the nice problem of the company blowing up and the traffic blowing up and the whole thing going south because you were successful you can't really do that anymore. Because a lot of the systems are actually so integrated in society that once they become critical ask, they actually are critical part of that particular society. | ||
|
|
||
| And, there is still a huge amount of cost in moving away from that platform to what I call the log in index that will sure be tracking. But I think in this stage the idea is that investors and users should have a good measurement of the quality of that application or that service. | ||
| And, there is still a huge amount of cost in moving away from that platform to what I call the log in index that will sure be tracking. But I think in this stage the idea is that investors and users should have a good measurement of the quality of that application or that service. |