News from the World of Software Development – May 2017

Welcome to this month’s collection of a few interesting software development news stories from the last few weeks. If you want to check out April’s news digest, simply click on the following link. Hopefully, the content within this May digest offers a measure of insight for your software engineering activities. Good luck!

Agile making inroads in Government Software Development

Nearing its second decade of use, Agile is finally seeing wide adoption in software development at government agencies. Doug Robinson, the executive director of the National Association of State Chief Information Officers (NASCIO) in the United States, reported that 81 percent of state CIOs plan on increasing the usage of Agile and other iterative development methodologies at their shops. News about this Agile implementation growth appeared this week at CRN.

“We’re seeing a lot of excitement in the CIO world to be able to deliver projects on time and within budget using some type of agile methodology,” said Robinson. As government entities tend to be slow to embrace new technology methodologies, this growth in adoption is another obvious sign of the continued maturity of Agile.

Small Teams write more Secure Code

Teams with a small number of developers produce more secure applications compared to groups with more than 20 employees. That is one of the main conclusions from the recently released 2017 CRASH Report, published by CAST Software. As applications grow in size and complexity, they simply become too difficult to manage.

A chief scientist at CAST Software, Bill Curtis, commented on the survey’s findings. “Applications have gotten so big and complex that no single team can understand it all. It might have five or six languages, multiple databases, CRM systems, and you can’t understand all the interactions. That leaves teams making assumptions that in many cases are wrong,” said Curtis.

Shops wanting to write more secure code need to invest in the relevant training for their developers, while giving them the tools for performing both static and dynamic testing. Additionally, involving a third-party team in the final vetting of an application’s security offers a valuable second opinion before the code is deployed to production.

Microsoft switches to Git for Windows Code Source Control

Considering Microsoft’s investment in its own source control systems, it comes as somewhat of a surprise that the tech giant is migrating all the source code for its Windows operating system to the popular open source tool, Git. News about this move appeared this week in Ars Technica.

The reasoning behind this shift lies within Microsoft’s OneCore project, which is aimed at simplifying the Windows codebase. Their previous source control solution for Windows, SourceDepot, was straining to handle the massive amount of source code involved, which includes 3.5 million files.

Redmond chose Git because of developer familiarity as well as its open source nature. The basic Git application needed to be updated to seamlessly handle the Windows source code. Microsoft created a fork of the Git code for this purpose and is talking with the other industry giants who use the app – Google and Facebook – about combining their efforts in the future.

Make a visit to the Betica Blog part of your daily routine before firing up your IDE in the morning. As always, thanks for reading!

DevOps helping Teams with IT Security

With the continued growth of mobile technology and Cloud Computing leading more users to embrace eCommerce, there has been a subsequent increase in cases of identity theft, ransomware, and other forms of cybercrime. Nefarious agents – essentially hackers – are finding more targets on a daily basis. This puts the onus on software developers to ensure their web applications remain as secure as possible. Enter DevOps.

Application engineering firms are now leveraging the faster development speed provided by DevOps to ensure their software products – and user base – stay protected from cyber criminals. Let’s take a closer look at how this modern methodology helps teams with cybersecurity.

Automating Security in Software Development

One of the most important technical principles within DevOps is the use of automation to make certain aspects of the software engineering process more efficient and subsequently faster. According to a recent article in InfoWorld, automated routines are also helping teams implement cybersecurity throughout the software development life cycle. In the past, adding security routines to a codebase was cumbersome; this is apparently no longer the case.

A 2017 survey on “DevSecOps” by Sonatype noted a change in how developers felt about adding cybersecurity routines to their applications. 84 percent of the respondents now feel coding application security routines is a necessary safety measure, as opposed to something hampering their creativity or delaying the release date of the application. The increased use of automation to build security into software is one of the reasons for this change in attitude.

Wayne Jackson, Sonatype’s CEO, noted the advantages of leveraging DevOps for application security. “DevOps is not an excuse to do application security poorly; it is an opportunity to do application security better than ever,” said Jackson. His company’s survey also noted that the organizations that have no issues adding application security tend to be the same ones with a mature implementation of DevOps itself.

Faster Software Development makes it easier to write Safer Code

As the automation ushered in by DevOps has led to a faster software development process, companies are finding it easier to improve their code in other areas, most notably in security. Tyler Shields, vice president of Signal Sciences, highlighted this change.

“Successful application security has been defined as increased automation that doesn’t slow down the development and operations process. Imagine a scenario where developers embrace security rather than find ways to work around it,” said Shields.

Some of these automated security routines include fuzz testing and software penetration testing. Both are important in truly vetting an application’s barriers against hacking and other cybercrime. Analytical routines used by continuous integration software also check for vulnerable code – both in in-house developed code and within third-party components.

With hacking and ransomware in the news on seemingly a daily basis, software development companies known for writing secure applications will gain themselves a competitive advantage compared to those shops that still see cybersecurity as a hassle. It is yet another example of what DevOps brings to the table for any application engineering organization. 

The NoSQL Capabilities of PostgreSQL

Many businesses of all sizes leverage PostgreSQL as an open source alternative to Oracle and other relational databases. Significant cost savings while maintaining a similar level of performance remains a preeminent reason for this switch. A robust community and the availability of commercial-grade support make Postgres worthy of consideration for your traditional database needs.

With NoSQL gaining popularity all over the technology world, you may wonder how PostgreSQL supports this new database paradigm. Let’s take a look at what functionality exists today in the database, with a quick look towards the future as well.

Postgres NoSQL for the Enterprise

We’ve talked about EnterpriseDB’s commercial level version of PostgreSQL previously on the blog. The company also offers a Postgres version with support for document databases and key-value stores – two of the most common NoSQL database types. Known as Postgres NoSQL for the Enterprise, this is something worthy of closer attention at companies looking for an open source mix of relational and NoSQL databases.

This Postgres database solution combines the speed and flexibility of NoSQL with the traditional SQL database functionality required for enterprise use – most notably the support for ACID (atomic, consistent, isolated, and durable) transactions. Database instances also easily integrate into the existing business data infrastructure, no matter the platform. In short, it provides the best of both worlds – relational and NoSQL.

ACID transactions are vital for business organizations that depend on the real-time validity of the relationships within their data. Many current NoSQL databases don’t offer this feature, instead following the BASE paradigm, which emphasizes speed and availability over the consistency of the data. Postgres NoSQL lets companies combine unstructured and structured data, mixing the performance of NoSQL with the more formalized governance of traditional SQL.
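
To make the mix of document data and ACID guarantees concrete, here is an added example (not code from EnterpriseDB or from the original article). It assumes the `jsonb` document type available in stock PostgreSQL 9.4 and later; the table names, columns and sample values are constructed for illustration.

```sql
-- Constructed schema: a relational table beside a schemaless document column.
CREATE TABLE customers (
    id      serial PRIMARY KEY,
    name    text NOT NULL,
    balance numeric(10,2) NOT NULL CHECK (balance >= 0)  -- integrity rule
);

CREATE TABLE orders (
    id          serial PRIMARY KEY,
    customer_id integer NOT NULL REFERENCES customers(id),
    doc         jsonb NOT NULL   -- free-form order document, no fixed schema
);

-- GIN index so containment (@>) queries on the documents can use an index.
CREATE INDEX orders_doc_idx ON orders USING gin (doc);

INSERT INTO customers (name, balance) VALUES ('Example Corp', 100.00);

-- One transaction spanning document and relational data:
-- the order document and the balance change commit together or not at all.
BEGIN;
INSERT INTO orders (customer_id, doc)
VALUES (1, '{"items": [{"sku": "A-1", "qty": 2}], "total": 40.00, "tags": ["rush"]}');
UPDATE customers SET balance = balance - 40.00 WHERE id = 1;
COMMIT;

-- Failure case: the UPDATE would drive the balance negative, so the CHECK
-- constraint raises an error and the transaction is aborted. ROLLBACK then
-- discards the document inserted just before it, so no orphan order remains.
BEGIN;
INSERT INTO orders (customer_id, doc) VALUES (1, '{"total": 500.00}');
UPDATE customers SET balance = balance - 500.00 WHERE id = 1;  -- fails
ROLLBACK;

-- Query documents and relational rows in one statement.
SELECT c.name, c.balance, o.doc->>'total' AS order_total
FROM orders o
JOIN customers c ON c.id = o.customer_id
WHERE o.doc @> '{"tags": ["rush"]}';
```

After both transactions, the final query returns a single row for the committed order, with the customer balance at 60.00.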

Postgres NoSQL supports many industry standards for programmatic access and data exchange. These include Ruby, Python, and JavaScript for the former, and the JSON and XML formats in the latter case. The superior performance of PostgreSQL combined with the seamless scalability typical of a NoSQL database solution make EnterpriseDB’s combination of Postgres and NoSQL a valid option for any business desiring a flexible database infrastructure.

The Future of PostgreSQL and NoSQL

In a previous article looking at new features of PostgreSQL 10, we noted the relative lack of NoSQL functionality in this newest version of Postgres, slated for release later this year. The new XMLTABLE feature supports the direct querying of data stored in XML documents. Other performance improvements in version 10 bring the speed of the relational database closer to its other NoSQL brethren.

One recent enhancement in Amazon Web Services deserves mention for companies using a mixture of relational and NoSQL databases. The AWS database migration service now includes NoSQL databases, with MongoDB (as a source) and Amazon’s own DynamoDB (as a target) being the first two to be supported. This means companies with a PostgreSQL instance on AWS are able to stream data from Postgres to a DynamoDB instance.

Companies with an investment in PostgreSQL need to explore EnterpriseDB’s NoSQL option to see if any of its features make sense for adding non-traditional database formats to the corporate data infrastructure.