I thought Pontus had already sent that. He has received what he needs from me. Estimation etc.
Sent from my Samsung Mobile
Adam Sroka <adam.sroka@...
I am not a security expert, and I'm not very familiar with the story, so I
won't comment on those parts. I do know a thing or two about Agile, and I am
pretty confident in saying that it would help (at the very least it wouldn't
I think the benefit of Agile in this situation is that it encourages you to
put the folks who know about security and the folks who know about UX
together in the same room with the folks who know the product and the folks
with other technical skills. That way they can participate together in every
phase of defining, implementing, and testing the product.
Of course, there is no guarantee that a security expert paired with a UX
expert would think of the scenario that caused the vulnerability that was
exploited. However, it seems obvious to me that they would have a better
chance of coming up with it than the average programmer working in
isolation. Agile tells us to get the right people and bring them closely
together as a team. This seems like good advice for this scenario.
On Tue, Jan 18, 2011 at 10:26 AM, Larry Constantine <lconstantine@...
> The front-page headlines in the Sunday New York Times once again brought
> the story of the Stuxnet software attack on Iran’s nuclear facilities to the
> forefront (
> http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html). The
> deconstruction by my German colleague Ralph Langner not only has teased out
> essentially all of the detailed functioning of the Stuxnet code itself, but
> also has uncovered clues to the larger story of who was involved in the
> operation and how it was accomplished. In a sense, the headlines trumped the
> storyline of the just-released Lior Samson novel, *Web Games*. (For an
> analysis and the connection with Stuxnet, see the blog at
> I want to raise two questions that could be relevant to this group. One
> element of the attack vector directly relates to user experience, as the
> Stuxnet code was able to insinuate itself into a man-in-the-middle position
> and effectively fool the operators into believing that everything was
> operating normally when, in fact, the centrifuges were in the process of
> tearing themselves apart. One question is whether there might be
> architectures or programming practices or interaction designs that make such
> exploits more difficult or less likely to succeed.
> A second question is whether agile development has any special role to play
> or anything particular to offer in terms of contributing to software and
> hardware security.
> --*Larry Constantine*, IDSA, ACM Fellow
> Professor | University of Madeira | Funchal, Portugal
> Institute Fellow | Madeira Interactive Technologies Institute |
> Fiction “to feed the inner nerd” – *Bashert*, *Web Games*, and
> *The Dome*, political thrillers from Lior Samson | www.LiorSamson.com