Resisting compliance is futile

Submitted by Style Pass, 2024-02-13 19:00:06

About two months ago I stumbled across a great YouTube video of a talk by Charity Majors called “Compliance standards should be modern development practices”. Now let’s step back for a minute. Am I seriously suggesting that anything with the word “compliance” is going to be a riveting watch? Why, yes I am. And with good reason. I’m a fan of good security and I like agile. And I think one of the major stumbling blocks in putting Sec into DevOps is forgetting the agile origins of DevOps culture.

This is where books like Investments Unlimited or Wiring the Winning Organisation come into their own. And this talk by Charity at FinTech DevCon about compliance, standards and software development fits right in.

Modern software development is all about fast feedback loops. Getting into production as quickly as you can allows you to find problems quicker and therefore fix them quicker. How often have we had to learn that all bugs cannot be prevented?

I’ve been in waterfall organisations that spend months writing detailed requirements specifications, high-level and low-level design documents, test strategy documents and test plans, using enough paper to burn a good chunk of rainforest. And when we went into production, we found something didn’t work properly, and we had to pull all-nighters to get the system up and running.
