GEEKONOMICS

Infrastructure needs software that is not only agile, but also rugged. Rugged software is capable of withstanding hostile actions and harsh environments while delivering value. Rugged Software Development provides a philosophical foundation for regularly and consistently creating resilient, survivable software. Rugged guides software developers to create better software without the draconian notion of security police breathing down their necks. Rugged is a value system, not a compliance system.

Rugged values results over style. We don't care if you are Agile, if you use waterfall, if you employ Open SAMM, Microsoft SDL, or if you leverage BSI-MM. We don't care if your White Crane programming kung-fu style is more elegant than someone else's Dancing Tiger programming kung-fu process. We don't care.

What Rugged cares about is results:

• software that can deliver value irrespective of the savviness of end-users or the technical capabalities of adversaries.
• Software that endures against the environmental forces arrayed against it in cyberspace.
• Software that is not a source of weakness for customers, but a source of strength.

U.S. Deputy Secretary of Defense William Lynn stated in The New York Times that "a fortress mentality will not work in cyber. We cannot retreat behind a Maginot Line of firewalls...If we stand still for a minute, our adversaries will overtake us."

To do that, we need software that is Rugged.

Are you Rugged?

Recite the Rugged Manifesto:

I am rugged... and more importantly, my code is rugged.

I recognize that software has become a foundation of our modern world.

I recognize the awesome responsibility that comes with this foundational role.

I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.

I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security.

I recognize these things - and I choose to be rugged.

I am rugged because I refuse to be a source of vulnerability or weakness.

I am rugged because I assure my code will support its mission.

I am rugged because my code can face these challenges and persist in spite of them.

I am rugged, not because it is easy, but because it is necessary... and I am up for the challenge.

To find out more about Rugged, please visit www.ruggedsoftware.org.

Adrian Lane over at Securosis posted a great article on the interaction between Agile software development and secure software development. Also, the comments/discussion are particularly good (Andre Gironda adds his remarks).

FireStarter: Agile Development and Security

Labels matter, especially when it comes to intangibles in the market place. Intangibles cannot be readily observed. Fuel efficiency, energy effeciency, auto-safety, and software security are all examples of intangibles. Without a label identifying the "amount" of an intangible supplied by a given manufacturer, it is troublesome for buyers to receive trustworthy, objective information from a seller because sellers are biased in the transaction. As a result, an intangible will remain undersupplied.

The effect of labeling is as profound as its absence. The video below illustrates the impact of the NHTSA 5-star labeling system on the auto market.  A 2009 Chevy Malibu and a 1959 Chevy Bel Air collide head-on. Which vehicle would you want to be in?

Labels matter.