Martin Fowler

Master feed of news and updates from martinfowler.com

Latest articles

Branching Patterns: Final Thoughts and Recommendations

Final post in “Branching Patterns” As I said at the beginning of this long piece: branching is easy, merging is harder. Branching is a powerful technique, but it makes me think of goto statements, global variables, and locks for concurrency. Powerful, easy to use, but easier to over-use, too often they become traps for...

Threat Modeling: Grow your practise

Final installment in “A Guide to Threat Modelling for Developers” Feedback and continuous improvement is central to managing risk. Neither the systems we build nor the threats they face are simple, as I stressed at the start of this guide. And every team is different- with different skills, tools, constraints and personalities....

Branching Patterns: Looking at some branching policies

In this article, I've talked about branching in terms of patterns. I do this because I don't wish to advocate The One Approach to Branching, but rather to lay out the common ways people do this, and reflect on their trade-offs within the wide range of different contexts that we find in software development. Lots of branching...

Threat Modeling: Prioritise and fix

New installment in “A Guide to Threat Modelling for Developers” Software teams are incentivised to deliver, and rarely have unlimited bandwidth to go away and address every threat identified. And some of the threats may pose an insignificant risk. You need to filter down and prioritise a few most important actions which you can...

Threat Modeling: Brainstorm threats

New installment in “A Guide to Threat Modelling for Developers” Jim looks at how to come up with threats to a system, introducing STRIDE, a simple framework to help teams think about threats. more…

Branching Patterns: Collaboration Branch and Team Integration Branch

With this update, I finish off my todo list of branching patterns with Collaboration Branch (A branch created for a developer to share work with other members of the team without formal integration.) and Team Integration Branch (Allow a sub-team to integrate with each other, before integrating with mainline.) more…

Threat Modeling: Explain and Explore

The first question for threat modeling is "what are you building?" We explore this with low-fi diagrams, understanding the data flows, and identifying the assets. more…

Branching Patterns: Future Branch

Future Branch: A single branch used for changes that are too invasive to be handled with other approaches. more…

Preparing for a threat modeling session

Jim explains how to prepare for a threat modeling session. There are three key questions to focus on: what are you building, what can go wrong, and what are you going to do? more…

A Guide to Threat Modelling for Developers

Threat modeling is a well-respected practice in designing secure systems. But it's often done with complicated, exhaustive upfront analysis. Jim Gumbley has spent the last few years helping ThoughtWorks teams and clients adopt a different approach, which fits in with the “little and often” agile philosophy. I'm happy that...

Discover, share and read the best on the web

Subscribe to RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters! Get unfiltered news feeds or filter them to your liking.

Get Inoreader
Inoreader - Subscribe to RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters!