February 15, 2012

Why Projects Face Lack of Security in Important Modules

Whenever we plan a project, we mostly focus on a few important modules that we consider the heart of the project. Gradually, as we work on it, those modules fall far behind, and we realize that there are plenty of other modules that need equal attention. Here the development team tries to save its image and works day and night to cover that hidden part, which was not its mistake but came into the project without discussion. I will not put the responsibility for project management on the development team but on the project manager, who was in the initial meetings and who is in communication with the development manager and the marketing team. In fact, the problem starts when we underestimate a new project, either because our expertise is outstanding or because we are just eager to win the project in bidding. Most of the problems come with the bid fight, but not so much. The most pitiable group is the development team, which works in a company and just follows a project manager. They have their own minds, suggestions, experiences and priorities, but whenever the project is delayed, the whole development team suffers. We mostly cover the important, sensitive and demanding parts at that time because no other choice is available. At that time the team either puts in the effort and understands that the project manager was managing perfectly but the scope of the project changed, or concludes that the project manager didn’t use his intuition and couldn’t do justice to his job.

The important part is group discussion, in which all the team members should take on tasks according to their best understanding.

Obviously this situation ultimately puts everyone in trouble, so let’s discuss a little about how it occurs and how to remedy it. The security of a project or module depends on the quality of its code. Whenever a project is delayed, the project manager and his team lose their focus on quality development; their priority becomes achieving the functionality. They no longer remember the goals related to security and other development standards that were set when the module was started. So, when they focus on completing the project, they lose their focus on quality development.

The other thing is code complexity. This is the worst enemy of security. The project manager and his team must try to write simple code and develop modules efficiently, not with complexity. When you write too many lines of code for a small module, it means you have lost your track. Once you lose your track, you cannot be sure about the security of the module.

Another important thing is documentation. Every time you change your baseline plan, write down what changed, when it was approved by the CCA and when it was discussed by the CCB. Every time a new requirement is added to the project, write down where the requirement came from and how the timeline was adjusted because of it. You cannot remember everything, so write these things down so that you will be able to look them up at the end-of-project review and learn from them.

Finally, after completing all the important modules, the team feels quite satisfied but not confident, because they know how much and how many times they ignored the security aspect in a number of modules. Those security holes don’t matter in small or sometimes medium projects. But who are we to decide that a project is small or medium? Every project adds something to the company’s portfolio and can subtract from it as well. Mostly, bugs remain hidden in small projects because those projects are rarely used completely; a few pages may not even be visited for months. But when this situation arises in a big project, the problem takes on a slightly different face and comes back in house as an innocent monster. Now not all the team members are available to work on that project, with its number of security holes recently identified by the client, because a new project has started, or a few colleagues are no longer with the company, or for any other reason. Only the support team is available to take the defect list and fix it in limited time. Finally they realize that the security aspects were ignored at that time. Now those errors and bugs are amplified and have become terrifying monsters. It is another story how that small team will tackle the situation: whether they will save the company’s image, demand to leave the project, or resign from the job. But our discussion started with why these security holes remain untouched and are delivered to the client, only to be reported as defects. What I feel is that the hurry to start a project, wrong estimates and a wrong understanding of the project lead it towards failure. I will give a couple of important tips to avoid this situation:

  1. Don’t treat any project as a small project; every project is important and big if it can add something to your portfolio or can damage your reputation in the market.
  2. Whenever you feel that an easy, small module is taking too much time and the important modules are being ignored, it is an alarm for you to inform the development manager that we are off track; either get out of that project or be a captain and correct the direction.

I hope that this article will help a few developers and development teams manage their projects well. In fact, half of it was written on 25th December, and I could only complete it now, on 15th of February, due to a very busy schedule. One of my dear team members contributed to it regarding security and its importance. Your feedback would be an asset for me.

Thanks,
Fahad

Last updated: March 19, 2014