I know I’ve ranted about this before, and this post is no different. OSCON still doesn’t have any security talks, which is like an engineering conference that doesn’t have any structural integrity talks.
A sample of non-functional requirements in the OSCON 2010 program:
- Configuration Management – check*
- Deployment – check
- Documentation – check
- Efficiency – check*
- Legal issues – check
- Performance – check*
- Maintainability – check*
- Quality – check*
- Scalability – check*
- Testability – check*
* I’m going to a few of these tutes and talks
And what they don’t cover:
- Compliance – 0 talks
- Privacy – 0 talks
- Safety – 0 talks
- Security – 0 talks, 1 three hour tutorial
And yet, security is the only NFR that can close your business, destroy shareholder value, get you sued, cost you dearly in compliance and remediation costs, limit your organization or project to irrelevance, and destroy privacy for millions of folks in one fell swoop of ineptitude and cluelessness.
One day, the papers committee will get a clue. It’s not 2010, though.
So all my open source chums – see you in Portland!