“Secure code is the first link in the chain,” says Charlie Miller, chief security researcher at Accuvant Labs. “People say, ‘We’re human, we can’t write perfect software.’ But we’re at 50% right now. We’re not even close.” Risky Business, Communications of the ACM, Nov 2011, pg 20.
As I read this statement my mind went on full alert. When I hear these kinds of words I always think “we can fix this!” Why? Because in most cases where we’ve helped an organization to improve this was the typical kind of talk: “That’s unrealistic. Nobody can do that. We do the best we can. Software can’t be perfect. Projects can’t deliver consistently on time. Sure, anything is possible but only when pigs can fly!” The reluctance to make any real changes and the rationalization of why big improvements are not possible are reflected in the common talk.
I am not claiming that we can attain perfection. It is only that when we have this kind of mindset we are usually so far from perfection that there is a lot of room to improve. In organizations that are good at what they do, I rarely hear this kind of discussion. Instead their discussions are often centered around doing specific things and jumping on the next opportunity to improve. They also have a tendency to know, in objective detail, what their real performance is in all aspects of their business.
I’ve been involved with software and IT organizations (saying the same things as above) that improved their quality so much that the test and QA managers were stressed about possibly losing their jobs (or more realistically some of their staff). I’ve seen customers go from saying they don’t want upgrades to our systems because they were so buggy, to saying they don’t want to upgrade their systems because we’ve made so many requested changes that it would impact their business processes too much!
Sometimes the best opportunities for improving come when everyone is just sure that circumstances can’t be improved. When the common talk and wisdom is that things are just the way they have to be, then we probably have a great opportunity for our project to make a real and lasting difference.
What are some of the key challenges that are considered unchangeable or insurmountable in your project or organization?