Earlier this week, a really smart architect and I were evaluating various methods for managing software code changes, bug fixes, releases and major features. We both were in agreement with the primary direction, a popular one in nimble companies. Have a primary "trunk" or "master" branch; Any commits to "master" automatically get built and tested and ready for production (and possibly deployed); Any changes occur on "feature branches", temporary parallels streams of development that eventually - hopefully sooner rather than later - merge into "

I have been pondering this article for quite some time, then came across a great similar quote from Bryan Cantrill: "Don't just reboot it, goddamn it! Debug it!" Since Bryan always is a great speaker, watch it here. Time and time and time again, I come across companies and people with systems that are misbehaving. Time and time and time again, people suggest "why don't we just restart/reboot it?" What these people really are suggesting is, "

Friday I had lunch with a friend who does marketing for a pharmaceutical company. He described to me the process by which he manages major ads. "Ads are very expensive," says he. "First you have to develop the concept, which can be $10,000 or more. Then the production costs for the real ad are $100,000 or more. Finally, the actual costs to air the commercials easily can run $500,000."

"We made a small change and it brought down our customers for 4 hours." - colleague "Network issues caused outage" - GoDaddy "A configuration error... caused days of downtime." - Amazon "Facebook was down... for 2.5 hours." - Facebook Every one of us has seen human errors cause significant, revenue-affecting, downtime. Our stability instinct always is to tighten up change control to try and prevent a recurrence. In a cloud environment, though, our agility instinct is to be as nimble and loose as possible.

Today, we present the second guest post in the series by Ted Lloyd, editor of OnlineCISO. Yesterday, we explored why security spending need not be a bottomless pit, and how yesterday's tools, such as antivirus, can be evaluated using familiar risk management methodologies. Where then, should a business reinvest the funds previously allocated to antivirus solutions? Another analogy to the physical world can help to answer this question. Malware and variants are similar to microbiology in our physical world.