Why Rugged Matters in the Dev, Sec, and Ops Discussion

A security researcher talks about some of the more prominent misconceptions surrounding cybersecurity, and how building rugged software can alleviate them.

James Wickett · Jul. 17, 17 · Opinion

This week I was able to talk at DevSecOps Singapore. From that talk, I realized something. Well, not really something new, but I found something that I had once known but had forgotten. Rugged. Or, more specifically, why Rugged Software matters.

Rugged Software

Rugged Software is the idea that we can think of security not in terms of the absence of events, but in aspirations of quality. Security is a function of quality and arguably quality is a function of security. They work together, hand in hand, providing a real, tangible benefit. In the physical world, we intrinsically know this. We buy cars to stay safe, use banks with good defense, and we instrument our homes for protection against intruders.

In software, we somehow lost our way. We made the conversation about whether we were hacked or not. Whether certain events existed or not. This made security a victim of circumstance rather than an effort in engineering. By that I mean we haven’t used value-driven approaches or value-centric language to build security. Instead, it has been commonplace in our industry to achieve compliance or manage risks through legal documents and insurance policies.

Insuring against risk is not the same as engineering for safety. We should not be fooled by this false construct. To this end, I love this quote:

When I first read this several years ago, I was blown away. Collectively as an industry, we have steered the ship down the wrong path of compliance and insurance policies and the like. We did this in the name of security but this completely leaves out security’s role of quality. There is no quality in an insurance policy — there is loss protection, but that is not quality.

Why Rugged Matters

That quality matters and includes security is not a new revelation to most, or at least it shouldn’t feel like a paradigm shift or something radical.

I found this old slide from a presentation I had given several years ago and I included it in the presentation at DevSecOps Singapore. It juxtaposes security and rugged as two propositions and the general perceptions of and ideas behind both.

Security is driven by an absence of events, often costing more resources than desired. Security has a negative attitude towards developers and software engineers. Security is negative, dealing with Fear, Uncertainty, Doubt as the main currencies. Overall, Security is toxic.

Flip that around to Rugged. Rugged seeks to verify quality and give proof to consumers that the software can stand up to the test. Rugged shows benefits to engineering teams and business owners. Rugged deals in positive language, showing known values for strength, reliability, and quality. Overall, Rugged is affirming.

My hope is that writing this will help me reframe my thinking around this, and maybe yours as well. Thanks for reading, and let me know in the comments what rugged vs. security means to you.

Published at DZone with permission of James Wickett, DZone MVB. See the original article here.