Repository of Horror

Hello everyone. You know, Halloween is a very strange holiday. The following blog post is really scary. So, if you are sensitive folk, maybe you should tuck yourself into bed early tonight instead of writing us angry letters tomorrow. Thanks for your attention.

Apologies to Marge Simpson

Just when you thought it was safe to go back in the water...

Is there anything more frightening than the unknown? Anything the mind can conjure up is frequently scarier than something realized. The shark in Jaws is terrifying because you don’t see it until it’s too late. It’s a silent, relentless death machine, hiding in the water.

A software vulnerability is the unknown, hidden deep within an ocean of code, packages and container dependencies. Once exposed, you’ve no protection: you may have already lost data, or given someone continued access to sensitive information or processes. Even worse, do you know if you are exposed?

I'm worried the chum cloud will attract the attention of Carcharodon Carcharias.

There’s somebody at the door

Software, by its very construction, is like a boarded-up wooden house in a zombie movie. You’re trapped, zombies are roaming around outside trying to get in, clawing at the doors and windows, ripping off hastily nailed-on boards, creeping under the floors in the crawlspace, searching for an opening. It’s a living (dead) nightmare.

Why would you want to be the one tasked with securing the house, patching the holes, letting the frightened neighbors in? Who wants the responsibility of ensuring everyone's survival?

Homer, did you barricade the door?

Why? Oh, the zombies. No.

The Butterfly Effect

It happens to all of us eventually. You make one tiny change. The PR is approved. It passes QA. It gets rolled out to staging. Everything looks healthy. It’s good to go. It gets rolled out to production late on a Friday afternoon. It's a simple change. What could go wrong?

A few moments later, the app seems slow. The processing queues are backed up a little, but are within the margins. A warning pops up that you haven’t seen before. You start to investigate. A few minutes later, the first error is flagged. A few moments after that, the first customer asks if there is anything wrong. Then the second.

Suddenly, the database is running hot. The queues are backed up beyond acceptable levels. Something is broken. Badly broken. But it just couldn’t be that simple change, could it?

As long as I stand perfectly still and don't touch anything, I won't destroy the future. Stupid bug! You go squish now!

Deep down, in the darkness and silence, you know the truth. These problems are systemic and common. You need to address these concerns: a control plane for security vulnerabilities, a way to quell the total cost of ownership of running a key part of your automated workflows, and the assurance of building repeatable DevOps processes to make sure that final deployment is trivial and quick to roll back if needed. You need a weapon built for the times.