[{"data":1,"prerenderedAt":168},["ShallowReactive",2],{"article_list_legacy_":3},[4],{"_path":5,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":9,"description":10,"tags":11,"excerpt":10,"image":14,"publishDate":15,"body":16,"_type":159,"_id":160,"_source":161,"_file":162,"_stem":163,"_extension":164,"author":165},"/jbagley/2021-07/softwaresenescence","2021-07",false,"","Legacy Vulnerabilities AKA Software Senescence","Does your business still have an XT computer in the back office because it's\nrunning that one version of some database software that your business depends\non? Yeah, we know there is. Most modern software doesn't work like that.",[12,13],"legacy","project-management","/jbagley/2021-07/img/old_software_to_new.jpg","2021-07-01",{"type":17,"children":18,"toc":148},"root",[19,26,31,36,43,48,54,59,65,84,89,95,100,106,111,116,122,127,133,138,143],{"type":20,"tag":21,"props":22,"children":23},"element","p",{},[24],{"type":25,"value":10},"text",{"type":20,"tag":21,"props":27,"children":28},{},[29],{"type":25,"value":30},"If you aren't keeping your custom software up with the changing computing\nenvironment, it will fail not necessarily because it has flaws, or the hardware\ncan no longer meet the demand, but because the support your software relies upon\nhas changed.",{"type":20,"tag":21,"props":32,"children":33},{},[34],{"type":25,"value":35},"Let's look at the vulnerabilities you must manage so that your software does not\nreach its end of life before losing its inherent usefulness.",{"type":20,"tag":37,"props":38,"children":40},"h2",{"id":39},"hardware",[41],{"type":25,"value":42},"Hardware",{"type":20,"tag":21,"props":44,"children":45},{},[46],{"type":25,"value":47},"Even though hardware is not changing as frequently as it used to when speed\nimprovements necessitated frequent hardware updates, there is still a little\nrisk. Look at Apple's change to its own processor from Intel's. These changes\ncan be painful, but happily they have slowed to be less than decadal rather than\nyearly.",{"type":20,"tag":37,"props":49,"children":51},{"id":50},"operating-system",[52],{"type":25,"value":53},"Operating System",{"type":20,"tag":21,"props":55,"children":56},{},[57],{"type":25,"value":58},"Operating system vendors have been great accelerators of software development\nthrough frameworks that give your custom software a leg up. Often working\ndirectly with these is necessary to give the kind of experience users\nexpect. And, for some time now, there are also programming languages connected\nto these platforms. Those tied to commercial organizations will be changing\nfrequently due to competitive pressure if nothing else, but open source\nplatforms also need to remain relevant and can introduce changes that break your\nsoftware.",{"type":20,"tag":37,"props":60,"children":62},{"id":61},"third-party-libraries",[63],{"type":25,"value":64},"Third Party Libraries",{"type":20,"tag":21,"props":66,"children":67},{},[68,70,82],{"type":25,"value":69},"Whether open source software or commercial, the libraries your software uses\nwill be moving ahead with somewhat less concern for how it affects your software\nthan you have. Even something like a fundamental math library will probably be\nchurning out improvements despite no new numbers having been invented since\n(zero)",{"type":20,"tag":71,"props":72,"children":73},"span",{},[74],{"type":20,"tag":75,"props":76,"children":80},"a",{"href":77,"rel":78},"https://en.wikipedia.org/wiki/0",[79],"nofollow",[81],{"type":25,"value":77},{"type":25,"value":83}," was invented about 1600 years ago.",{"type":20,"tag":21,"props":85,"children":86},{},[87],{"type":25,"value":88},"They also can have the same vulnerabilities as your own software and potentially\nmust evolve or fall into irrelevance.",{"type":20,"tag":37,"props":90,"children":92},{"id":91},"protocols-standards-and-formats",[93],{"type":25,"value":94},"Protocols, Standards and Formats",{"type":20,"tag":21,"props":96,"children":97},{},[98],{"type":25,"value":99},"Your software is using common data formats or communicating with other devices\nin some agreed way, a protocol. They may be standardized or may not, but they\nwill often be moving forward in technology's seemingly unstoppable\nmarch. When they change it can ripple out just like an OS update. All the\nsoftware implementing the protocols, standards and formats will need to\nchange, whether yours or third party.",{"type":20,"tag":37,"props":101,"children":103},{"id":102},"remote-interactions",[104],{"type":25,"value":105},"Remote Interactions",{"type":20,"tag":21,"props":107,"children":108},{},[109],{"type":25,"value":110},"Your software sends messages into the ether to get some result from a\nservice. That service is software and has the same vulnerabilities to being left\nbehind as your software. If they evolve your software can lose functionality or\nfail should you not keep up with those changes.",{"type":20,"tag":21,"props":112,"children":113},{},[114],{"type":25,"value":115},"In addition, nearly unique to this risk, services go away. When they do, it\nleaves you scrambling to find a replacement that minimizes the cost to recover\nthe functionality.",{"type":20,"tag":37,"props":117,"children":119},{"id":118},"security",[120],{"type":25,"value":121},"Security",{"type":20,"tag":21,"props":123,"children":124},{},[125],{"type":25,"value":126},"Underlying all of this is keeping your data and your users safe from\nunauthorized intrusions. It is the most important reason to keep on top of your\ndependencies and so cannot be ignored. Security compounds the above risks as\neach dependency of your software has the same exposure to security risks as your\nown. I put this last in the list to emphasize that it overshadows all the other\nrisks.",{"type":20,"tag":37,"props":128,"children":130},{"id":129},"conclusion",[131],{"type":25,"value":132},"Conclusion",{"type":20,"tag":21,"props":134,"children":135},{},[136],{"type":25,"value":137},"It is often frustrating to incur the cost to make changes because they don't\nresult in new or improved functionality. However, these moments can also be seen\nas opportunities to get in those enhancements you've been planning while\nreducing the overhead of a developer ramping up to being efficient on your\nproject again if it is not in active development.",{"type":20,"tag":21,"props":139,"children":140},{},[141],{"type":25,"value":142},"Moreso, when you want some feature added and find that your software is so far\nbehind that there is unplanned work to get it up to date and ready for the new\nwork to be done...I imagine that would be most frustrating.",{"type":20,"tag":21,"props":144,"children":145},{},[146],{"type":25,"value":147},"Once your software falls behind, catching up can be far more costly than it\nwould have been to make the gradual changes needed to prevent the avoidable\nsoftware senescence.",{"title":8,"searchDepth":149,"depth":149,"links":150},3,[151,153,154,155,156,157,158],{"id":39,"depth":152,"text":42},2,{"id":50,"depth":152,"text":53},{"id":61,"depth":152,"text":64},{"id":91,"depth":152,"text":94},{"id":102,"depth":152,"text":105},{"id":118,"depth":152,"text":121},{"id":129,"depth":152,"text":132},"markdown","content:jbagley:2021-07:SoftwareSenescence.md","content","jbagley/2021-07/SoftwareSenescence.md","jbagley/2021-07/SoftwareSenescence","md",{"user":166,"name":167},"jbagley","Jason Bagley",1780330268565]