CodeBetter.Com

Brendan Tompkins [MVP]

Blog First. Ask Questions Later.

Other Risks of Off-Shoring?

I'm feeling much better about the off-shoring issue lately.  For one thing, Newsweek had a big article last week highlighting some big offshore failures, and some evidence of on-shoring.  But, really interesting is Rory Blyth's take on what could happen to your off-shored data in countries that are less-than-secure.  Could your data be blown up by terrorists, taken hostage, or worse?  Very interesting stuff.  And in the comments, there's this link describing one scenario where this actually happened!  Yikes!

This all leads me to wonder, could an application's security be compromised the same way without the end-customer knowing?  Could developers be coding in obscure back-doors that are hard to find?  If you're thinking “That could never happen, someone would find it.” ask yourself this question: What are the chances that your end-client would discover a back door that you wanted to hide?  Now, agreed, this can happen anywhere, including in the US, but is there a greater risk if a project is off-shored? 

-Brendan



Comments

Steve Maine said:

I actually think there's less of a risk for back-doors in offshore code, because code that's written offshore is trusted less and therefore subject to more stringent review.

Call it "guy in the next office" syndrome. You know them, you work with them on a daily basis, you're familiar with their capabilities. Come code review time, you give the code a general once-over but don't look at it too much "because Joe wrote it."

However, when the code shows up magically on some FTP site having been produced by an offshore team that you've never met and don't work closely with, you're more likely to go over that code with a fine-toothed comb. It's a mental thing -- you *expect* bugs in offshore code, so you look for them. As such, you're more likely to find an obvious hack or a backdoor.

At least, that's been my observation in working with offshore code.
# April 20, 2004 7:04 PM

Brendan Tompkins said:

Steve, I think you're right. There's more of a risk involved with off-shoring data, like Rory says.
# April 21, 2004 1:55 AM

Brendan Tompkins said:

Grant. Man, I'm going to make it to a meeting. I promise! If they ever get that light rail train in place, I'll be at every meeting. It's such a commute!
# April 21, 2004 2:43 AM

Mark said:

Quit your belly aching and just show up to a meeting. I think it's going to take Grant, Darrell, and I to drive down to the docks, tie you up, throw you in the caddy, and take you to the next meeting. Don't forget the concrete boots... will use if necessary. :)
# April 21, 2004 2:55 AM

Brendan Tompkins said:

One thing I've learned from watching the Sopranos is that when a guy with a last name like DiGiovanni tells you to do something whilst mentioning the word "Concrete Boots" you do it. I'm there.
# April 21, 2004 3:10 AM


About Brendan Tompkins

Brendan has been programming with .NET since the first public beta and is owner and operator of Port Technology Services, a consultancy company providing .NET application development services to the Maritime industry. In July, 2007, he was awarded the Microsoft MVP award for ASP.NET. He's also a proud co-founder of failed .COM startup Intrinsigo, and has had a hand in the failure of numerous other businesses. He currently runs CodeBetter.Com and Devlicio.us, and lives in Norfolk, Virginia with his wife Tiara and son Ian.
