After reading the paper this morning, I realized that as Sony is dealing with its third data breach this year. How could a company as large as Sony have so many issues and how can you identify the warning signs that the company you are dealing with is protecting your data? There are some warning signs that you can identify that will inform you that the company you are dealing with does not respect your data and has poor security. Here are some of the warning signs that you should look for when dealing with another company:

1. Passwords stored in plain text- In Sony’s third data breach user passwords were exposed. Though data breaches are 100% impossible to prevent,  this should NEVER happen. Passwords should never be stored in plain text, but instead should always be hashed. When something is hashed, it is almost impossible to determine its original value. Hashing essentially runs an algorithm on what was typed in and turn s your password into a munch of mixed characters. It’s almost impossible to figure out what the original password was, without running every possible password combination thru the algorithm and comparing the results. So how do you tell that your password is in clear text? If you do a password reset and they send you back your password and not an option to create a new one, that is proof they have your password is not hashed in their system, so take warning and do not use their service and change your password with them to something not important and hope they have no history of your old password, though no guarantees of that.
2. No SSL- Any site where you have to enter your username and password or credit card information the site should be encrypted. Without encryption anything you type into a browser CAN BE seen possibly by others on the internet. Though it pretty rare for someone to intercept this data, it makes no sense not to have SSL in almost everything with passwords and definitely anything with a credit card. So next time you go to create an account or buy something, make sure you have the SSL (lock) symbol on your browser. 
3. Email of Personal Information- If you are doing business with a company and they email you your credit card number or personal information that you would not broadcasted across the web, be cautious. As email is not encrypted and essentially your data is sent in plain text across the web. 

It is very hard for you, the average consumer, to tell the security measures that the company you are working with is taking, but if they do any of the items above, take warning. I won’t say don’t do business with them, but I would say be very cautious and understand the risks that you are being exposed to.

-3E Software, Inc.

In part one we talked about how it was important to plan. There is no doubt that is one of the most important items you can do in a custom software development project. Yet one must remember that a plan is only good until you use it. What I mean by that is that you should expect change. No software project that is going to succeed is going to go 100% according to plan. For example you may roll out a beta test of the software and get back 100 things that are wrong because what your users told you they wanted is not what they needed or they like the changes so much they must have this an extra add-on. This is custom software 101 and should be expected, that is why I say that you must expect change. Now the key to keeping a project on time and on budget is to anticipate these types of change requests up front. I’m not saying that you should double your figures or time, but you should make it clear that your numbers are estimates and have some cushion in your budget. Your software shop should not add this to their quote; they should quote what you have asked for so far.

One of the best ways to plan for change is to set milestones in place where you have reviews of functionality. These milestones can be beta tests, check points, or iterations that get deployed. During these milestones everyone gets a chance to bring their ideas up. After these milestone reviews this is where you can figure out what is in the budget for the changes and how it will affect the timeline.  The most important things when looking at adding changes to an active project are : does the change affect the success of the project as stated originally, is there a strong ROI to justify adding it mid project, and is there executive support. If all three of these are true, then it’s a no brainier that you need to add it in to your project.

The most important things to remember when adding items into a project are:

1. The timeline will increase. No matter how easy something is, it will take time, you must expect the timeline to increase.
2. It will cost money. There is no such thing as a free lunch. No matter how the software company words it, you will pay for it.
3. Watch out for scope creep. Just as stated above new items will add time, don’t fall victim to adding so much to a project that it can never make delivery. Remember you can always have a version two, three, etc.
4. It must be important, not everything is as important as people make things seem. Rank the items you want to add in by importance with their cost and estimated time.  Evaluate how much time and resources you have and see how many you can fit in starting with the most important.
5. Don’t switch tasks. If you are currently 50% done with task A and you want to add task B as it’s really important, don’t stop task A.  Let task A finish then start task B. Now granted in the real world this may not always be possible, but remember switching tasks in development is like switching tasks in writing an article/book. If you are in the middle of writing a book and you have to stop and write another book. How easy will it be for you to start writing again in the first book? Not easy at all ,you probably forgot what you  were writing about in the current paragraph and will most likely need to reread a good chunk of you own book to get your mind back to where it was. This is why constant task switching in software development can kill a project. It just simply wastes time with little to show for it.

Now one important thing to note here is that adding items to the scope is to be expected and will increase your cost and time. What this should not do is change the budget and time estimated to complete the items you already had quoted. If you plan ahead and anticipate the change it will ultimately save you time and money on your next software project.

He who rejects change is the architect of decay.  The only human institution which rejects progress is the cemetery.  ~Harold Wilson

Ever have this great idea for a piece of software and you called your local software group and asked them if they could do it for $1,000 and they state no problem, only to get a bill for $30,000 dollars. Well hopefully this has never happened to you, but in order to make sure it doesn’t here are a few tips.

1. Plan- Plan out your project, walk thru the way it will work what you want it to do and order the features by their importance.
2. Get a quote – Always ask the software company to give you a quote on the project, most companies will get you this for free. You cannot expect a good quote without step one.
3. Quote Valid- Think about how many hours it would take someone to do your project. Expect to pay anywhere from $75 to $250 an hour for custom development. If the project looks like it should take 40 hours and the quote is $1,000, then there is a problem. If it the quote is for $16,000 then there is another problem. Just remember cheaper is not better and the most expensive group is not always the best.
4. ROI- If there is no return on investment, then don’t do it.
5. Payment Terms – Never pay for more than 50% of the project upfront if not less.  If the project is going to last months, set milestones with payments being dispersed on delivery. Always save a payment for the end when it’s all done.
6. No open contract – Never give the software shop a free reign to spend your money.  Have them stick to the quote. If you change the scope expect an increase in cost, but you must approve it. Make sure the contract states that there can be no budget over runs without your approval
7. Be Realistic – Custom software can be extremely complex as its completely tailored to the solution at hand. Do not expect custom software to be cheaper than a cookie cutter solution; also don’t expect custom software to be a fast process.
8. Own the code – Always own your code. Never do a custom solution if you cannot own the code the development shop creates. Do expect some tools such as CMS, tool sets, and add-ins to be propriety, but make sure you have a license to use them in the event you kick the software shop to the curb. Also, make sure they get you a copy of all of this before you pay them your final payment.

There is a saying in software development: You can have a software project fast, cheap, or good quality. Now pick two as you cannot have all three. In reality this saying is extremely accurate and something to think about when getting a quote on your next software project.

There are lots of great software shops out there just make sure that you are protected in writing as described above and make sure that both you and the software shop are being realistic in the pricing. If they offer no contract, then pick another shop.