Stories by Herbert H. Thompson

Weaving a software safety net

In software security, there's a depressing but indisputable truth: No matter what you do or how much money you spend making code more resilient, fortifying the network or electro-shocking developers who write bad code, you can't get rid of all the security bugs. Not only is it impossible to make 100 percent secure software; it's not cost effective. If we accept that bad things are going to happen, we can take simple steps throughout the development life cycle to weave a software safety net that limits the damage and pain of the inevitable, uncaught vulnerabilities that resist our best efforts at prevention.

Hidden risks of software-as-a-service

Terms seem to change meaning so often in IT. It used to be that outsourcing conjured up images of Bangalore. For many firms, outsourcing now is synonymous with software-as-a-service from companies such as, Intuit and ADP, which will -- for a healthy fee -- help an organization trim the fat off its business processes. While software-as-a-service may work miracles for your bottom line, surrendering control of a business process to a partner doesn't mean you also jettison the risk of your data being exposed. In fact, you probably increase the risk.