Timely and interesting read online here: http://gigaom.com/2008/06/30/10-of-the-biggest-platform-development-mistakes/, listing the 10 most commonly observed platform development mistakes. A few items in the list particularly caught my attention:
- Confusing product release with product success. I'm familiar with the huge sigh of relief that goes out when the development and implementation are completed. However, the measure of success should be when the system is proven to function and has been accepted by your customers.
- Not having a business continuity plan/disaster recovery plan. I'm frankly amazed that this still needs to be stated as a requirement, and more so that I still hear of people getting push-back. An acquaintance informs me that as soon as he raised this issue when taking on a new job, his management told him that it was out of scope for information security.
- Relying on QA to find your mistakes. I like the point made in the article that you "cannot test quality into a system."
I'd like to add one more item to the list:
11. Failing to consider and define security requirements. We need to understand the system and its components, and know where data is intended to flow and be stored. Then we can understand the potential risks and the best controls. I like to set, and get agreement on, a list of high-level requirements at an early stage in the project.