IT career: The title

Consider a traditional developer with expertise in Java, C++, and .Net. Ask a
manager whether his or her employee would be more valuable with some data
administration and data design experience, and the answer is clear.
Although it takes considerable effort and some adventurous volunteers, IT
organizations gain immense benefit from promoting an alternative to the
traditional career ladder. Call it the career random walk.
Organizations that have moved from career ladders to random walks recognized
that the shift calls for a significant change in thinking on the part of IT
managers. For years, they've been taught to assess job applicants (and as a
result, their employees) in terms of marketable skills.
The career random walk places more emphasis on a different trait: the habit of
Companies that encourage random walks consider a career to be a series of
successful assignments. As their employees succeed in these assignments they
gain breadth, depth, and exposure to an increasing range of situations,
technologies, methodologies, and leadership situations. As this happens, they
are naturally given new assignments that continue to provide new opportunities
for further growth.
The change can be disconcerting for employer and employee alike, but the
benefits are significant: Employees gain confidence in their ability to
succeed at whatever challenge they are given. Employers gain flexibility in
their ability to place employees where they are most needed.
All they have to give up in the bargain is an expectation neither side can
always live up to.
Scour code for security vulnerabilities
By Galen Gruman, InfoWorld (US)
The old adage that an ounce of prevention is better than a pound of cure sums
up Fortify's approach to securing homegrown enterprise applications, which are
frequently enticing targets for hackers and their malicious exploits. "It's
these front-door apps that are the front-door access to the underlying data,"
says Fortify CEO John M. Jack.
The standard approach to securing enterprise applications is to look for attack
signatures and then block them. Fortify's approach is to eliminate the
vulnerabilities in the first place, so even if attackers breach network
defenses they can't exploit the applications.
A big reason for the holes in homegrown software is lack of experience. "Most
of the applications were written by developers not trained on security. They
expect well-behaved users," Jack says. But now that the enterprise is so
connected to the outside world, that expectation is unsupportable.
To help developers eliminate security holes, Fortify offers tools that work
with Java, C++, C, and Transact-SQL on Windows and Linux platforms. Essentially
an all-purpose plug-in to Borland, Eclipse Foundation, and Microsoft
development environments, the Fortify Source Code Analysis tool scans the
source code on the build server for vulnerabilities, such as a buffer overflow,
that a worm might take advantage of. Among the other 100 or so vulnerabilities
that Fortify looks for are SQL injections and cross-site scripting. The tool
identifies the vulnerabilities so developers can close them while the coding
effort is in progress. "We have total knowledge of the app and the context,"
Jack says, which he believes results in better security than traditional
post-deployment intrusion detection.
For more conventional intrusion prevention, Fortify also provides the
Application Defense tool to monitor application attacks. Its primary use is to
protect existing applications for which you don't have the source code or that
you have not been able to recode with the help of the Fortify Source Code
Analysis tool.
Shark Tank: Rat race condition
By Sharky, Computerworld (US online)
This pilot fish works for a small manufacturer that's a supplier to another,
much larger company. "Two years ago, a buyer at the big company insists that we
send them shipping information via EDI," fish says. "They use the information
to confirm receipt of goods and don't want to continue hand-keying the data.
"No problem, we do that already for other customers."
It takes several weeks for the big company's EDI group to get in touch with
fish. They swap document specifications and set up trading-partner data.
Then, out of nowhere, the big company's EDI group informs fish that the project
has been canceled and that they've notified all the appropriate people.
"A week later, the buyer calls me wanting to know the status of the project,"
says fish. "He threatens to start buying elsewhere if we don't get this
working. Of course, he's not happy to find out that his company canceled the
project. He indicates that he'll straighten this out and I'll be contacted."
And so he is, a month later, by someone at the big company's EDI group. The
project proceeds, fish does the work on his end, and testing begins.
Then one day the tech at the big company suddenly stops communicating with fish.
A month later, after fish has made several attempts to contact the big
company's EDI group, he gets an e-mail message from a manager over there,
telling him the project has been canceled.
"I call the purchaser and explain that his EDI group canceled the project,"
reports fish. "And the whole cycle starts over again.
"We've been through this cycle now four times in the past two years. I just
received another e-mail canceling the project. We still aren't sending them
shipping information via EDI!"