Posted by Jeff Papows on Thu, Feb 18, 2010 @ 10:39 AM
Now I know that headline may sound a bit dramatic at first but when you hear about the on-going issues at Toyota and you read a rather frightening New York Times article, "When Radiation Treatment Turns Deadly," about software glitches leading to accidental radiation poisoning, it's not a far fetched hypothesis after all.
Every day we keep learning about these software glitches that are not only affecting businesses but are also disrupting our personal lives and putting our health and safety at risk. Just this week, Alan Paller, director of research at SANS Institute was one of many pushing for dramatic change. He wrote in an email to the team at nextgov.com, "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors. And that can only be done if there is a safe harbor."
There is an industry wide movement currently underway to protect software buyers from being held responsible for faulty code. This news coincides with the annual "Top 25 Most Dangerous Programming Errors" list of the most widespread and critical programming errors that can lead to serious software vulnerability. The list is the result of collaboration among SANS Institute, MITRE and top software security experts in the US and Europe. In addition to the latest rankings, acquisition experts announced new standards for contract language aimed at protecting software buyers from being held responsible for faulty code.
According to Common Weakness Enumeration (CWE), a community-developed dictionary of software weakness types, these vulnerabilities are often easy to find and easy to exploit. Much like a most wanted list, the vulnerabilities on this year's Top 25 are cited as dangerous because they will frequently allow attackers to completely take over the software, steal data or prevent software from working at all.
If ever there was a time to play closer attention to the role of IT governance, it is now. With this in mind, I'm currently working on a webinar presentation with my good friend Joe McKendrick to specifically address how glitches can take down a company. The registrations are starting to pile up and we'd love for you to join us on Tuesday, February 23 at 2:00 eastern to discuss and debate software vulnerabilities in the real world. Here's the link.
Posted by Jeff Papows on Mon, Feb 08, 2010 @ 12:27 PM
Why is this making headlines now? Well, it turns out that the governor wasn’t notified of the situation until late last year because the
IRS had sent the mail to his house instead of his office. In case you’re wondering, the governor doesn’t receive mail at home due to security precautions.
Seems to me that a little
I.T. governance in the state of California’s computer systems may have gone a long way in terms of saving a lot of time and money. In the ideal situation, the software glitch would had been identified and addressed and the system would have accommodated the address redirect.
Instead, this software glitch incurred the administrative expenses of running the erroneous report, sending it through the postal system to an address that doesn’t receive mail and bringing in the IRS for an unnecessary investigation.
Makes you wonder about the entire I.T. infrastructure and how an existing software glitch may affect citizens, especially as we’re in the midst of tax season.
Posted by Jeff Papows on Thu, Feb 04, 2010 @ 09:53 AM
I can't imagine being in Toyota's shoes right now as journalists, customers and consumer advocates are demanding more information as to how exactly they built and shipped so many cars with faulty brakes.
This PR nightmare will continue for quite a while and Toyota's ability to recapture what was once a very strong brand is questionable. There have already been some discussions as to whether they should change their name.
While the details continue to be rolled out, I have to wonder how that software glitch got into the system in the first place.
According to Toyota, the company changed its braking system software in January as part of what it called "constant quality improvements." Company officials are describing the problem as a 'disconnect' in the vehicle's complex anti-lock brake system (ABS) that causes less than a one-second lag. Now one second may not seem like a lot of time to you. However, if you're driving 60 miles per hour, it will be about 90 feet or so before the brakes take hold.
Now you know where I stand on the importance of IT governance. I'm also not going to pretend to know the specifics of the Toyota situation beyond what you've likely read. However, the issue does call into question the broader issue of IT governance and the level that is applied in the software development process at Toyota.
This is not the first time that Toyota has been hung up by a software glitch. In 2005, CNet reported that a software glitch was affecting the performance of the Prius. At that time, Toyota asked 75,000 owners of Prius hybrids to have the vehicle's software checked. Apparently, a software glitch causes the warning light to come on for no reason and in some cases shut down the gas engine.
This story will continue to unravel in the coming days and weeks though perhaps we shouldn't isolate Toyota as glitches are ubiquitous. It's the lack of IT governance that may make the difference in the way that the public views and consumes your product.
Posted by Jeff Papows on Tue, Feb 02, 2010 @ 08:39 AM
I'm pretty excited about our news today regarding the new WebLayers Center governors for IBM's WebSphere MQ.
While we've had a pretty big policy library specific to WebSphere MQ, these new governors will help customers more easily adhere to IT policies as well as security and regulatory compliance mandates. Using WebLayers Center and WebSphere MQ, customers will be able to decrease the amount of potential software development policy violations. This helps curb the incidents that result in those erroneous data transactions that make headlines on a regular basis in the form of software glitches.
You know -- the type of software glitches that deposit funds in the wrong accounts or report inaccurate balances. With a more comprehensive view of the way that messages are routed through WebSphere MQ using WebLayers IT governance software, customers will have greater transparency which leads to better productivity and improved compliance.
To better put this in perspective, let me give you a real world example. Let's say that you're a financial services company. As you know, there are millions of transactions that are routed to various points in the infrastructure before they reach their final destination. Now let's imagine that your company is using WebSphere MQ to ensure the secure delivery of those millions of messages per day including trades, holds and transfers. And now one of your brokers is executing a trade between the US and Europe. There are many 'hops' that the message the broker sends must take along the journey from the US to Europe to execute that trade. Those hops obviously go beyond the walls of the original financial services company and requires security and compliance on all the parties involved in executing the trade. From the financial services company's perspective, WebSphere MQ will make sure that message is delivered in tact to the recipient.
This is one example where WebLayers Center comes in to complement WebSphere MQ. While WebSphere MQ ensures once and only once delivery of those messages, the WebLayers governors make sure that the message queues, or 'passage ways' so to speak are able to securely and accurately move those messages along. Think of WebLayers as the personal tour guide for the messages that prevents them from going down dark alleys, one way streets or dead ends.
Of course, this isn't limited to just the financial services sector as you can easily imagine many other scenarios where there are thousands or millions of transactions that need to securely reach their destination without causing bottlenecks or putting a company at risk for not adhering to compliance regulations.
For the WebSphere MQ enthusiasts -- and there are a lot of you out there -- this adds another layer of assurance that policies are being followed and messages are being delivered. For the business folks out there, what this means is that you'll rest a bit easier through an increase in quality and security of the transactions coming to and from your company.