Gunnar Peterson posted an article about challenges in the infosec field. I love how he compares technical debt with financial debt. This is the same thing I have been preaching: we must keep the technology of our systems current, or even a little ahead of the market, because once we fall behind it is very difficult and costly to catch up. I know it is hard to find the time and resources to move a system forward, and innovating can be scary, but it is vital to keeping the system alive and relevant. This is a challenge everybody faces, and everybody has to confront it sooner or later. The key is not to let the system go stale. You must always look for an opportunity to innovate and improve; such an attitude helps in keeping up with the wave of technological progress. We see many examples in the market of companies that fell behind, lost customers, and then desperately played catch-up by upgrading their systems (Sony, MySpace, Microsoft, etc.). In the case of Microsoft, their sheer bulk, financial strength, and ability to recruit brilliant engineers always pull them out, although it remains to be seen whether they will turn around their fortunes in the mobile market.
This post was inspired by the following article, which talks about innovation in the security field; the highlighted quote is striking:
Technical debt measures the necessary work that does not get shipped in a release. Taking on too much debt is like borrowing too much money: it might work, but once things begin to go against you it's hard to recover because you are not in a position of strength.
And a bigger excerpt from the article:
If there is one thing that's crystal clear in Infosec, it's that Infosec lags software innovation. It's a field where we are always playing catch up, and the important question tends to be – how fast can we catch up?
Because innovation outpaces security, Infosec has been a passive bystander shuffling debt issuances around like someone processing subprime mortgages and rating them Triple A when the first payment cannot even be made. The industry ships apps every day with substandard access control that do not reliably authenticate or authorize users, much less deal with actively malicious actors.
Technical debt measures the necessary work that does not get shipped in a release. Taking on too much debt is like borrowing too much money: it might work, but once things begin to go against you it's hard to recover because you are not in a position of strength. As Warren Buffett says, "You don't know who is swimming naked until the tide goes out."