A new Rational Application Security Community

New My developerWorks group tackles best practices for Rational Application Security


developerWorks: This is a developerWorks podcast. I'm Scott Laningham. This week, we have Darrel Rader and Peter Spung of IBM® Rational® talking about a My developerWorks group called the Rational Applications Security Community of Practice — a lot of words in that title.

(Editor: To discover what new resources are available this week in developerWorks and My developerWorks, jump to the end of this interview.)

Here are some excerpts from a conversation I had a couple of weeks ago in Orlando, Florida, at the Innovate 2010 Conference. I was talking with two individuals from IBM Rational, Darrel Rader and Peter Spung. Darrel Rader is the first speaker.

Rader: Yes. So my role within Rational is part of the services organization. And I run the ... my title is Capability and Community Development. So we're looking at trying to find new ways to try and help our clients succeed and help them build skills as well as our own people.

Spung: Sure. Peter Spung. I'm responsible for the Rational strategy which means innovation and growth for the Rational business and trying to help our clients succeed in doing that.

And I'm teamed up with Darrel on this innovation. He's driving around communities in application security space. So I'm helping Darrel with the business plan and growth activities associated with this.

developerWorks: Better known as Rational AppScan and the communities around it, right?

Spung: That's right. That's right.

developerWorks: We wanted to talk about this My developerWorks group that's been launched. Darrel, what's up with that?

Rader: Yes, so this is something we're launching this week and it's kind of a prelaunch. Again, we're trying to make a place where people can come and connect, just like they would here in Orlando, although 24 by 7, 365.

It's kind of like a global place where people can come and share stories; they can ask questions, they can meet with their peers from other companies, as well as connect with some of our experts.

One of the things we've been doing with communities over the last few years is figuring out better ways to connect people. And so it's, you know, you have discussion forums and things that were out on developerWorks, but this is an opportunity to actually use social networking and actually establish relationships with other people that you might want to come back and ask a question later or follow their blog, those type of things.

So all the social networking aspects that people are starting to use in their daily lives, we want to apply to their business lives as well.

developerWorks: The name of the community is what? And who are you looking for to participate in it?

Rader: It's called the Rational Application Security Community of Practice and it's out on My developerWorks. If you Google it, you can Google application security community and you'll find it.

And what we're trying to do is attract people that have a passion and an interest in developing their skills around application security. And you know, we will have, you know, our business partners and experts from IBM who are also participants in this community. So again, a chance to connect with these people, more than just when you come to Orlando.

developerWorks: Peter, why don't you talk a bit about the synergy that can come out of this and the type of things you want to see happen from it.

Spung: Right, absolutely. So picking up on what Darrel said, one of the things that we've learned through years of software development experience is that it's very much a team sport. It's a social system that you're creating among the people. So when you're trying to deliver software effectively, you've got to enable an effective social system: People interacting with each other and teaming up on things in order to drive innovation and effectiveness.

So what we're doing is we're combining that thought, a tried-and-true best practice in software development, we're combining that thought with the new social software, social networking thought. Right?

What better way to establish these communities to share best practice information, to learn from each other and build on the shoulders of each other, building on the shoulders of giants, be that kind of thing. What better way to do that, right, than to exploit the new social software technologies with 2.0 and so forth? And that's what we're setting up in this community.

So these guys, these folks out there interested in application security can team up, combine, connect, share best practices, and then grow that, right, grow the expertise, grow the business, grow the effectiveness of application security.

Rader: You know, obviously it's something that there's a lot of interest in. And we're also hoping to, you know, get the people that are interested in social networking. Right? And people who want to build their professional networks just like they do their Facebook-type network but, again, in a business environment. So I'm optimistic. I think this will be a good opportunity for people to connect on things that are really important to them.

developerWorks: You know, it's interesting, security, and then using the social networking arena to have this conversation while the social networking arena may be one of the greatest areas of threat in terms of security that ... at least to people's perception of things, wouldn't you say?

Spung: Yes, absolutely. So it's an interesting way of combining these things. We're going to learn a lot through this experience about, you know, how to build communities online, but also how we share and protect expertise, how we share and protect credibility, right, bona fides that people establish through these communities and so on. It's a nice hybrid project of some of the leading-edge things that are going on in the software industry today.

developerWorks: What about what's happening around all of this at this conference? What are you guys involved in here?

Rader: So we've got a few things going on this week, so trying to get all the security sessions, so we're going to have all the security session leaders as members of these communities. So people, after they leave and you know, they get back to their office and they go "oh shoot, I forgot to ask that question" or whatever, they can come back and connect.

The other thing I think that's really important is the connections that people make with other customers, right? I think that's one of the huge value propositions for these conferences. They come and connect with other customers that are going through the same type of experiences.

So our hope is, is they keep those connections and actually make it personal, so they establish just like they would on Facebook where they invite people to their network and they maintain those relationships through the year and hopefully next year, when they come back to Innovate, they've cultivated those relationships over the year and they've actually, you know, it's something they can build on over time.

Spung: Picking up on that point, one question we get from clients often is, you know, "help me. Help me navigate. Software is becoming so important to my business. Where do I find out more about it?" Right? "Where does the industry sort of congregate and hang out?"

And we always say, of course, here. Right? Got 4,000 of, you know, people gathered here annually. Darrel's point is right on. Well, what about after? Right? What if I miss this week here? How can I continue to engage and learn the best practices, engage with this community? Let's try this AppScan community practice, right, and build on that.

How do they learn about setting up effective social organizations and social structures? Hey, join one of these communities and see how it works in real life. Right? How people share expertise and still contribute to their growth of their own ... growth of their own skills, growth of their own profession, the businesses that they're in. And improved application security gets better and better and better as a consequence.

developerWorks: What's the message here for Business Partner participation?

Rader: Yes, so this is actually one of the main drivers behind doing this whole thing, is providing a platform for more of our Business Partners to be able to demonstrate their expertise. Right? And there's lots of different areas of expertise in the application security area. So our hope is that they come in and provide kind of the spark for communities.

And you know, one of the things I think that's worth mentioning is that our experience with communities shows that it's really about one to five percent of a community that really drives it and really participates and contributes. The other 95 percent really come and they want to learn and observe. Right?

And so what we hope to do is attract that five percent. And as the community grows, that five percent grows and the more value they bring to each other because they're sharing more experiences and it gets more active. So again, we hope that our Business Partners will use this as an opportunity to have a year-long platform.

Spung: What we hope may evolve here is a marketplace for expertise. When you think about a services domain, right? When you're buying services to help you improve your software development effectiveness, you're in an expertise marketplace. And what we found out through experiences like eBay and other places, right, Amazon.com marketplaces, there are many of these.

One of the things that you learn from those experiences is who the experts are. Who is credible? Who is good at providing this particular service? We believe an expertise marketplace will evolve in this arena, the software development expertise market.

We'll have partners involved, we'll have IBM folks involved. And you'll be able to see what their expertise is and when you go shopping, you'll be able to understand what the credibility of these folks is and what they bring to bear for your business, to improve your application security.

Rader: I'll just add to that. One of the things we're looking at is making people Google-able. Right? And business partners and experts, you know, from around, wherever they are. Right? They could be some 16-year-old, you know, genius who wants to establish themselves as one of the experts in application security.

This is an opportunity for the best to rise to the top because it's the community that's going to tell them whether they're good or not. So I think a really good opportunity for IBM, but also a good opportunity for the masses like I guess to come and build a reputation online.

developerWorks: That was Darrel Rader and Peter Spung of IBM Rational, speaking with me at the Innovate 2010 Conference in Orlando, Florida recently.

Be sure and check out the Rational Application Security Community of Practice that they spoke of. That group is on ibm.com/developerworks in the My developerWorks section. When you get to the Web site, just click on groups and the right nav and you'll be able to search for that title and join the group and participate in the discussion. This has been a developerWorks podcast. I'm Scott Laningham. Talk to you next time.

What's new in the developerWorks community?

Let's check in with dW newsletters editor John Swanson. Hi, John.

Swanson: Howdy, Scott.

developerWorks: How you doing?

Swanson: Not too bad. Not too bad.

developerWorks: Everybody recover from, you know, the Celtics Game 7 thing? I didn't even think about asking you that.

Swanson: We're trying not to talk about that. But you know, sports is a painful subject in the Boston area usually anyway.

developerWorks: Yes well, you have your fair share of trophies, too. So that's a good thing.

Swanson: Not too bad.

developerWorks: So what's on your radar this week?

Swanson: Well, from a developerWorks newsletter standpoint, right now, we're looking at the sorts of things that information junkies are dealing with right now. And we've got a tutorial coming out of the XML Zone this week: Build a web-based notification tool with XMPP. XMPP being the extensible messaging and presence protocol, which is of course XML based.

And this tutorial really focuses on real-time web applications which are also known for continually updating web applications. So we're talking about things like enterprise chat and you know, those search interfaces that reveal new content as it's being published.

So this tutorial gives an overview of real-time web apps and then it shows readers how to create a straightforward real-time web app called Pingstream which is a notification tool that uses PHP and JavaScript™ to communicate over XMPP.

And so it's a very straightforward way to get up and running with this sort of technology. And I really think it's a topic that's going to resonate with a lot of our readers, especially news junkies like yourself, Scott.

developerWorks: John Swanson, always helping us focus in through the fog on what's important. Thank you, John.

Swanson: I do what I can. Thank you, Scott.

developerWorks: Also new on developerWorks this week:

Find all of that and more at ibm.com/developerworks.
