Martin Fowler's Blog, page 9

May 28, 2020

Branching Patterns: Final Thoughts and Recommendations



Final post in “Branching Patterns”



As I said at the beginning of this long piece: branching is easy,
merging is harder. Branching is a powerful technique, but it makes me
think of goto statements, global variables, and locks for concurrency.
Powerful, easy to use, but easier to over-use; too often they become traps
for the unwary and inexperienced. Source code control systems can help to
control branching by carefully tracking changes, but in the end they can
only act as witnesses to the problems.



I'm not someone who says branching is evil. There are everyday
problems, such as multiple developers contributing to a single codebase,
where the judicious use of branching is essential. But we should always be
wary of it and remember Paracelsus's observation that the difference
between a beneficial drug and a poison is dosage.



Published on May 28, 2020 07:42

Threat Modeling: Grow your practise



Final installment in “A Guide to Threat Modelling for Developers”



Feedback and continuous improvement are central to managing risk.
Neither the systems we build nor the threats they face are simple, as I
stressed at the start of this guide. And every team is different, with
different skills, tools, constraints and personalities. There is no single
way to threat model; this guide simply provides some basics to get you
started. Much like test-driven development or continuous delivery, threat
modelling rewards investment.



One way to improve is to perform a retrospective on your threat
modelling efforts, once you have run a few sessions. Ask what went well
and what could be improved. Is the timing right? Was the scope too
granular? Not granular enough? What about the location or remote tools you
have used? What issues cropped up after the session? How long did the
scope take to deliver? By asking such questions, the team will adapt and
build mastery over time, doubling down on what works and discarding what
adds little value.



Published on May 28, 2020 07:11

May 27, 2020

Branching Patterns: Looking at some branching policies



In this article, I've talked about branching in terms of patterns. I do
this because I don't wish to advocate The One Approach to Branching, but
rather to lay out the common ways people do this, and reflect on their
trade-offs within the wide range of different contexts that we find in
software development.



Lots of branching approaches have been described over the years.
As I've tried to understand how they work and when they are best used,
I've assessed them through the half-formed patterns in my mind. Now I've
finally developed and written these patterns down, I think it's useful to
look at a few of these policies and see how I think about them in
terms of the patterns.



Published on May 27, 2020 08:30

Threat Modeling: Prioritise and fix



New installment in “A Guide to Threat Modelling for Developers”



Software teams are incentivised to deliver, and rarely have unlimited
bandwidth to go away and address every threat identified. And some of the
threats may pose an insignificant risk. You need to filter down and
prioritise the few most important actions which you can take away and
execute on effectively.



Published on May 27, 2020 07:49

May 26, 2020

Threat Modeling: Brainstorm threats



New installment in “A Guide to Threat Modelling for Developers”



Jim looks at how to come up with threats to a system, introducing
STRIDE, a simple framework to help teams think about threats.



Published on May 26, 2020 06:20

May 21, 2020

Branching Patterns: Collaboration Branch and Team Integration Branch



With this update, I finish off my todo list of branching patterns with
Collaboration Branch (A branch created for a developer to share work with
other members of the team without formal integration.) and Team
Integration Branch (Allow a sub-team to integrate with each other, before
integrating with mainline.)



Published on May 21, 2020 08:05

May 20, 2020

Threat Modeling: Explain and Explore



The first question for threat modeling is "what are you building?" We
explore this with low-fi diagrams, understanding the data flows, and
identifying the assets.



Published on May 20, 2020 07:35

May 19, 2020

Branching Patterns: Future Branch



Future Branch: A single branch used for changes that are too invasive
to be handled with other approaches.



Published on May 19, 2020 11:23

Preparing for a threat modeling session



Jim explains how to prepare for a threat modeling
session. There are three key questions to focus on: what are you building,
what can go wrong, and what are you going to do?



Published on May 19, 2020 06:34

May 18, 2020

A Guide to Threat Modelling for Developers



Threat modeling is a well-respected practice in designing secure
systems. But it's often done with complicated, exhaustive upfront
analysis. Jim Gumbley has spent the last few years helping ThoughtWorks
teams and clients adopt a different approach, which fits in with the
“little and often” agile philosophy. I'm happy that he's now written an
article to share his way of working, and this first installment explains
applying this incremental thinking to threat modeling.



Published on May 18, 2020 08:41

Martin Fowler's Blog

Martin Fowler
Martin Fowler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.