Brendan Tompkins [MVP]

Sponsors

The Lounge

Syndication

Recent Posts

Tags

View more

News

Archives

Advertisement

Brendan Tompkins [MVP] » Other Risks of Off-Shoring?
Images in this post missing? We recently lost them in a site migration. We're working to restore these as you read this. Should you need an image in an emergency, please contact us at imagehelp@codebetter.com
Other Risks of Off-Shoring?

I'm feeling much better about the off-shoring issue lately.  For one thing, Newsweek had a big article last week highlighting some big offshore failures, and some evidence of on-shoring.  But, really interesting is Rory Blyth's take on what could happen to your off-shored data in countries that are less-than-secure.  Could you data be blown up by terrorists, taken hostage, or worse?  Very interesting stuff.  And in the comments, there's this link describing one scenario where this actually happened!  Yikes!

This all leads me to wonder, could an application's security be compromised the same way without the end-customer knowing?  Could developers be coding in obscure back-doors that are hard to find?  If you're thinking “That could never happen, someone would find it.” ask yourself this question: What are the chances that your end-client would discover a back door that you wanted to hide?  Now, agreed, this can happen anywhere, including in the US, but is there a greater risk if a project is off-shored? 

-Brendan

Posted 04-20-2004 1:36 PM by Brendan Tompkins
Filed under:

[Advertisement]

Comments

Grant wrote re: Other Risks of Off-Shoring?
on 04-20-2004 1:22 PM
Glad you're finding a "bright" side.

I'm reading the CodeSlave book and it's a very entertaining read. So far, off-shoring figures prominently in the story, but I'm not done yet so I don't really know how the author feels about the subject.

Incidentally, we'll be giving away a free copy of CodeSlave at our next WeProgram.Net meeting. We also have a slick CodeSlave t-shirt to give out too.

What more could it take to drag you, Brendan, further into the Hampton Roads .Net community? ;)
Steve Maine wrote re: Other Risks of Off-Shoring?
on 04-20-2004 7:04 PM
I actually think there's less of a risk for back-doors in offshore code, because code that's written offshore is trusted less and therefore subject to more stringent review.

Call it "guy in the next office" syndrome. You know them, you work with them on a daily basis, you're familiar with their capabilities. Come code review time, you give the code a general once-over but don't look at it too much "because Joe wrote it."

However, when the code shows up magically on some FTP site having been produced by an offshore team that you've never met and don't work closely with, you're more likely to go over that code with a fine-toothed comb. It's a mental thing -- you *expect* bugs in offshore code, so you look for them. As such, you're more likely to find an obvious hack or a backdoor.

At least, that's been my observation in working with offshore code.
Brendan Tompkins wrote re: Other Risks of Off-Shoring?
on 04-21-2004 1:55 AM
Steve, I think you're right. There's more of a risk involved with off-shoring data, like Rory says.
Brendan Tompkins wrote re: Other Risks of Off-Shoring?
on 04-21-2004 2:43 AM
Grant. Man, I'm going to make it to a meeting. I promise! If they ever get that light rail train in place, I'll be at every meeting. It's such a commute!
Mark wrote re: Other Risks of Off-Shoring?
on 04-21-2004 2:55 AM
Quit your belly aching and just show up to a meeting. I think it's going to take Grant, Darrell, and I to drive down to the docks, tie you up, throw you in the caddy, and take you to the next meeting. Don't forget the concrete boots... will use if necessary. :)
Brendan Tompkins wrote re: Other Risks of Off-Shoring?
on 04-21-2004 3:10 AM
One thing I've learned from watching the Sopranos is that when a guy with a last name like DiGiovanni tells you to do something whilst mentioning the word "Concrete Boots" you do it. I'm there.

Add a Comment

(required)  
(optional)
(required)  
Remember Me?