Caute_cautim
Community Champion

Take Charge Of Your Technical Debt: Exploring Cryptographic Debt

Hi All

 

How will you cope with technical debt in the shape of cryptographic debt? Think current software practices and APIs, and then on to quantum cryptography as well as Q-Day.

 

Technical debt in software products typically results from unavailability of technology or unavailability of time.

 

It is the concept of “ship first, fix later.” There simply isn’t the time or manpower to do it right the first time. And nine times out of 10, the quick and dirty turns out to be “just fine.” It may not be elegant, not performant, but “fine” nonetheless, which is why the practice is near universal in the software world and technical debt is pervasive.

 

https://www.forbes.com/sites/forbestechcouncil/2023/10/30/take-charge-of-your-technical-debt-explori...

 

A most interesting piece and certainly something to think about.

 

Regards

 

Caute_Cautim

5 Replies
Early_Adopter
Community Champion

Cryptological,
Musings on the near future,
Or maybe new job?

Much of this is about timing, and the longer you take to get to that point where you can switch in and switch out cryptographic modules the worse off you are.

Warning signs:

“We need that version because…”
“I know that’s more CVEs than you’d like; however, we’re probably not vulnerable”
“This year will be the year we set a plan to do it…”

Of course, all things suffer from eventual obsolescence - and maybe like me you’d be willing to bet on that happening before there is a need... Though if you’re thinking about the good of people, taking steps to correct issues now is essential.
Caute_cautim
Community Champion

@Early_Adopter Well, it runs in parallel with the forthcoming Q-Day and planning. If organisations are not planning, technical debt could be incurred due to not being prepared or not realising the implications of doing any testing, migration in a controlled manner.

 

Regards

 

Caute_Cautim

Early_Adopter
Community Champion

Yeah, I’d split this up to the basic revving of SW packages and making sure your developers know how to use them, and then being interested in what’s happening/available in the toolkit coming down the pipe.

The former is an SDLC basic (though cryptographic modules are particularly sensitive as they need to be compatible with others whilst not being vulnerable).

The latter: sign up for newsletters, watch the forums, read the papers - if you depend on a paradigm, then be aware if something (or someone) is about to change it.

In your latter scenario, with not anything done, if I’d done all I could I think I’ll just retire and tend a bar, or make coffee for people…
Caute_cautim
Community Champion

@Early_Adopter Well, if the industry messes up the crypto migration, you may be paying for the coffee with Roman Tin coins or Pay forward or something similar or using a bartering for services system.

 

It needs a lot of careful planning, testing, and staging.

 

Regards

 

Caute_Cautim

Early_Adopter
Community Champion

Re-dollarization..?

I can confirm that I have a “Triganic Pu”* stored in the Oort Cloud if you can give me credit…

* Not a true currency “The Galactic banks refuse to deal in fiddling small change…” Douglas Adams