Rebuilding a Plane In Flight: refactors under pressure


Date
09 May 2017 00:00

Presented at O’Reilly OSCON

At some point, every engineer or project manager will have to take on a disaster. In these situations, it is easy to go into firefighting mode, trying to keep each new emergency at bay, instead of taking a systematic approach to fixing the underlying problems. This is why disgusting, brittle tangles of hundreds of thousands of lines of insecure spaghetti code stay in place so long. It is why you are inheriting a network of vulnerable SCADA components that the last four people were too afraid to fix.

Attempting to untangle a disaster that cannot be taken out of service is terrifying. Eventually, it must be done, but often no one wants to take responsibility for the project until it is almost too late. However, there is method to the madness. Susan Sons shares a high-level approach to safely refactoring software and other complex systems while supporting production deployments that may themselves be complex and varied, drawing from her experience refactoring life-critical software and cyber-physical systems (ICS/SCADA). While these methods were forged working on some critical systems and software, they apply just as well to a web application hairball or a DevOps nightmare.

Topics include:

  • Project management concerns: Resourcing, outside communication, and staging changes
  • Technical and architectural strategy: Supporting toolchains, triage, systems architecture, and refactor strategies
  • Balancing response to immediate security and stability concerns against long-term vulnerability reduction and maintainability
Avatar
Susan E. Sons

Susan E. Sons is a passionate and experienced information security leader who enjoys moving across verticals, down into the weeds, and up to the sky-view to see what others don’t, build unusually effective information security teams and programs, and help mature the field.