October 10, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Much of programming language design today focuses on creating functional languages that guide the coder into writing software that’s easier to analyze. Rust is part of this trend. Many developers love Rust’s logical, functional syntax that encourages structuring their code as a sequence of nested function calls. At the same time, Rust’s creators wanted to build something that could handle the bit-banging, low-level programming required to keep IoT (Internet of Things) functioning. Rust offers the right combination for programmers looking to tackle these very real challenges with modern style. ... In some regards, learning Rust is a process of unlearning concepts and techniques you've likely followed from the beginning of your programming career. As an example, Rust requires abandoning the ideas of scope and ownership, which are required by older languages like JavaScript and Java. If you want to leverage Rust's benefits, you have to be willing to relinquish some familiar features that can lead to bugs.?
Awareness and funding do not translate into preparedness: although 75% of those surveyed feel their board understands their organization’s systemic risk, 76% think they have invested adequately in cybersecurity, 75% believe their data is adequately protected, and 76% discuss cybersecurity at least monthly, these efforts appear insufficient—47% still view their organization as unprepared to cope with a cyber attack in the next 12 months. Board members disagree with CISOs about the most important consequences of a cyber incident: internal data becoming public is at the top of the list of concerns for boards (37%), followed closely by reputational damage (34%) and revenue loss (33%). These concerns are in sharp contrast with those of CISOs, who are more worried about significant downtime, disruption of operations, and impact on business valuations. High employee awareness doesn’t protect against human error: although 76% of those surveyed believe their employees understand their role in protecting the organization against threats, 67% of board members believe human error is their biggest cyber vulnerability.
Reducing the cognitive pressure on development teams enables them to focus more readily on the core business code. Majors feels that "the more swiftly and easily developers can move, the better your platform team". In a recent Twitter thread, Majors elaborated on the relationship platform teams have with infrastructure and business code: Platform teams uniquely sit between these two tectonic plates -- infra code and business code, each moving at different speeds -- allowing other engineers to completely abstract infrastructure away. Majors draws a clear line between DevOps and platform engineering in stating "DevOps is about automation and managing infrastructure. Platform is about not having infra to run." This definition aligns to another statement made by Majors in that platform teams should focus on paying other people to run infrastructure, and conserve their development cycles for the development platform. Majors states that the goal of the platform team is to "run less software".
领英推荐
Thermal attacks can occur after users type their passcode on a computer keyboard, smartphone screen or ATM keypad before leaving the device unguarded. A passer-by equipped with a thermal camera can take a picture that reveals where their fingers have touched the device. The brighter an area appears in the thermal image, the more recently it was touched and therefore the order sequence can be estimated. Previous research by Dr Mohamed Khamis, who led the development of the system, found that ThermoSecure could reveal 86 per cent of passwords when thermal images are taken within 20 seconds, dropping to 62 per cent after 60 seconds. They also found that within 20 seconds, ThermoSecure was capable of successfully guessing 67 per cent of long 16-character passwords. As passwords grew shorter, success rates increased – 93 per cent of eight-symbol passwords were cracked and all six-symbol passwords were successfully guessed. Another aspect which made it easier for ThermoSecure to guess passwords was the typing style of the keyboard users.
“The Digital Services Act is one of the EU’s most ground-breaking horizontal regulations and I am convinced it has the potential to become the ‘gold standard’ for other regulators in the world,” said Jozef Síkela, minister for industry and trade. “By setting new standards for a safer and more accountable online environment, the DSA marks the beginning of a new relationship between online platforms and users and regulators in the European Union and beyond.” Under the DSA, providers of intermediary services – including social media, online marketplaces, very large online platforms (VLOPs) and very large online search engines (VLOSEs) – will be forced into greater transparency, and will also be held accountable for their role in disseminating illegal and harmful content online. For example, the DSA will prohibit platforms from using targeted advertising based on the use of minors’ personal data; impose limits on the use of sensitive personal data for targeted advertising, including gender, race and religion; and introduce obligations on firms to react quickly to illegal content.
Even though software engineers like to have a sense of ownership, we shouldn’t discourage flexibility—people easily become bored working on the same thing for years and years. There’s also the fallacy of sunk cost to keep in mind, which states that we tend to value things more because we’ve put more time and effort into them. Thus, providing flexibility to pivot when it makes sense can increase overall satisfaction and output. Accordingly, flexible management is also crucial to embrace pivots when they are necessary. For example, if a project is well underway but an engineer identifies a new solution that is more elegant, team leads should be open to recognizing and acting on changes. But to realize this sort of relationship, trust and openness must be bidirectional, said Sutter. If engineers can’t express their ideas or are afraid to tell their boss they’re wrong, these important conversations can’t happen. A flexible structure is also necessary to attract talent that prefers more modern work-life balance.?