Encryption by default at 80%

Encryption by default is becoming the norm

http://www.computerworld.com.au/article/597981/encryption-by-default-80/

You should care about the new block cipher standard.Each and every time you use one of those point-of-sale devices what happens, your precious credit card information stored in that very reader.

The National Institute of Standards and Technology (NIST) has a new standard that is designed to protect your details (PDF). It’s been a tricky problem to address, as there was a mandatory requirement to retain the length and current format of the credit card numbers.

This allows for two alternatives for format-preserving encryption, to allow this data to be read and processed by applications but still protect payment card information from the bad guys.
We are entering an era of encryption by default.

The NIST solution
The NIST standard (SP 800-38G) creates new approach for “format-preserving encryption,” which makes long strings of numbers indecipherable in both binary and decimal formats.
Older NIST standards were designed to be applicable to just binary data. Using what is termed format-preserving encryption or FPE – there are two approaches: named FF1 and FF3.Each is a 128-bit block Advanced Encryption Standard (AES) that conforms to the new standard for block cipher algorithm.

The ‘smarts’ is that when this standard is applied the FPE-encrypted credit card number appears just like a credit card number. This allows for existing systems and hardware to continue to operate.

In the previous standard it was not possible to encrypt decimals and at the same time also allow system programs to read the number in that original format.

What drove the standard was to resolve credit card vulnerability. Interestingly, this approach also has a use case in medical records.This will allow personal information from medical records to be also protected.

Benefit for medical research
With every database, we need to have a unique key to search, index and locate information.Typically speaking a key is assigned; in countries like the USA a social security number is used.

The advent of this standard can ensure the requisite security and ensure privacy of records is maintained.I would expect that given the recent HIPPA decision to integrate their health standards with NIST that adoption will certainly occur. There will be increased focus on the critical need for cyber security for medical devices and the personal information that is stored.

Encryption by default
The dust from the and we are already seeing that Whatsapp chat and calls are now being encrypted. I believe that we have started entering an era where encryption by default becomes the norm.

In a recent CSO Roadshow on this topic, there was an expert opinion that encryption by default would eventually cover 75 to 80 per cent of all data.

Clearly there are performance issues to be overcome to enable this level of encryption in that regard. But in a time of increased data breaches and inability to insure fully against subsequent losses, it is somewhat inevitable that we start to see more encryption everywhere.

I’m a big believer in appropriate action and response.As managers we have to understand risk and manage this appropriately.

Right now I’m happy for my credit card and medical records to be secure.

A startup accelerator for social good

UNSW students are in the running to win the Hult Prize

http://www.computerworld.com.au/article/594105/startup-accelerator-social-good/

On a normal day I work with a variety of startups, especially in the fintech, enterprise technology and health tech spaces.

It is an amazing and exhilarating experience. But recently I had the pleasure to work as a mentor with Venturetec, mentoring a group of inspiring UNSW students from the Australian Graduate School of Management who are striving to win the Hult Prize.

The Hult Prize is a start-up accelerator with a major difference. It’s a startup accelerator for social good and it’s the world’s largest student competition.

From the 25,000 global applications received from 500 colleges and more than 150 countries this year, 300 will compete in five cities around the world for a chance to win one of six places to pitch in the finals to secure US$1 million in startup funding.

This is all about social entrepreneurship; bringing together college and university students from around the world to identify and launch disruptive and catalytic social ventures that aim to solve the world’s most pressing problems.

It’s a joint initiative by Hult University and the Clinton Global Institute. Bill Clinton set this year’s challenge to double the income of 10 million people living in crowded urban spaces and will be on stage to present the award.

The judging panel includes some heavy hitters, such as past Nobel Peace Prize winner Muhammed Yunus.

Introducing Bobbin
Bobbin (formerly solarweavers), comprising Ben Pask, Shalendra Ranasinghe, Lisa Shannon and Dimitry Tran, are the AGSM (UNSW) Hult Prize Finalists that are on their way to London for the Regional Finals in March.

The objective of Bobbin is to connect women in urban slums to a source of sustainable income. There is technology involved in their social enterprise, but this is not your usual high tech.It includes a solar panel (low power), sewing machines (low tech) and a cell phone for connectivity.
Their solution includes micro-financing but they are also exploring micro peer-to-peer lending.

Bobbin’s customers will be able to sew clothes from raw materials sourced locally, with sales into existing marketplaces and a new online solution.

I asked Trey Zagante, Venturetec CEO, to comment on why he was working with Bobbin, which is a departure from his normal enterprisetech focus:

"We chose to sponsor the Hult Prize @ UNSW to support social entrepreneurs who are driven to make a positive social impact that could potentially change the lives of tens of millions of people,” he said.

“The Bobbin team have really embraced the lean startup approach of Venturetec’s incubation program, and they’ll be going into the regional finals having rigorously tested and validated their business model”.

A new online marketplace
This is about setting up a new marketplace in a country where online is not that commonplace.The product to be sold will be items of clothes. The phone’s camera will be used to snap the item, which will then be placed onto a new online marketplace.

Bobbin has partnered with technology provider Arcadier to develop their marketplace.At first I was surprised that Arcadier, which operates in advanced next-generation marketplaces, would be able to service outside of their comfort zone, but they are clearly comfortable in the social enterprise space, which can require less sophisticated technology.

Clearly there is a major assumption around when a tipping point that will see a move from 2G phones and increasing availability of smartphones. In developing world countries we are starting to see rapid adoption of cheap Android-based handsets.

Bobbin’s other partner is Barefoot Power, which deploys solar panels and has a great existing penetration of markets in countries like Kenya.They are also in talks with the Kenyan Federation of Women Entrepreneurs.

There is an underlying belief that education is the answer to breaking the poverty cycle.

The stated goal of Bobbin is to double the income of people living in crowded urban spaces. Bobbin is focused on helping women who are on home care duties with few prospects of working outside of the home to generate an income.

“Empowering women may be the single most poverty reducing factor in developing economies which can lead to significant macroeconomic gains.It is shown that women are also more likely than men to invest more of their income into their children’s education,” says Lisa Shannon.

The model is deliberately simple to ensure that it ill work. They create a small craft industry for eight women to work in a sewing circle, with a leader to use phone to manage logistics and sell in the marketplace.

The provision of solar power to use the sewing machines also brings light and power for houses that would otherwise not have them. So the impact of this is remarkable.

The secret sauce
It’s not technology; in actual fact, Bobbin’s secret sauce is ‘care’.
The secret sauce is Bobbin’s connection with community to enable the skills that already exist within these communities.It is also anticipated that when community pride is harnessed the default on microfinance loans will be minimal.

With care and connection, these small steps to create new work will start to change the world one solar panel and sewing machine at a time.

What makes ‘smart contracts’ smart?

Smart contracts are another potential use of blockchain technology

http://www.computerworld.com.au/article/593550/what-makes-smart-contracts-smart/ 

Contract law has been a fundamental cornerstone of the formation of modern human society. Smart contracts, an expression coined by Nick Szabo, represent a digital evolution of contracts.

Szabo coined the term in 1997 to described self-enforcing digital contracts.

The advent of the blockchain — the distributed ledger employed by Bitcoin — has enabled the concept of smart concepts to come to life.


What is a smart contract?
A smart contract is one that is “capable of executing or enforcing itself,” writes Cryptorials’ Dean Walsh.

“Smart contracts are written as programming code rather which can be run on a computer rather than in legal language on a printed document.”

By definition, it is not necessarily a legal contract: It has programming code to detail strict rules and consequences.Thus it mirrors a normal contract in that such obligations are outlined, as are the breach penalties for non-conformance. 

Are they really smart?
Smart contracts are “modular, repeatable and autonomous scripts, usually running on a blockchain, which represent unilateral promises to provide a determinate computation,” states a BBVA paper (PDF).

“These scripts are stored in the blockchain at a particular address, which is determined when the contracts are deployed to the blockchain.”

When the specified event in the contract occurs, a transaction is automatically sent to execute the code. An example I recently heard a startup pitch was a new water market.This platform created a market where buyers used traditional contracts when they bid for quantities of water, which were then paid by bank transfers.

But in the world of a smart contract, the contract would detect who used the water, perhaps signalled from IoT sensor.There would be an automatic audit trail of the quantity, time, date, quality of water was shipped and received, from A to B.An agreed contract payment term would be invoked to make the required financial transaction also settled in real time.

Where else could you use a smart contract?
A loan could be stored as a smart contracts (in the blockchain) and also with collateral ownership information. In an example where the loan is completed, then the token for digital rights will be transferred. Similarly, if a default occurs and the borrower misses a repayment, then a smart contract could automatically revoke the digital keys that grant his or her access to the collateral.

Therefore if we take the example of a car loan, then your finance company could prevent you from being able to access or start your motor vehicle.

Smart contracts that also be established for securities and this would monitor the performance of digital or non-digital assets (futures, forwards, swaps and options)

Smart contracts, by definition, operate where there is no thrust between the parties.They allow individuals to contract with each other and manage the payments of funds without the middleman.

We use eBay and Amazon as intermediaries when we conduct trade over the Internet —we trust that these bodies to ensure that the goods will be legitimate and we also don’t want our credit card details held by shady characters.

In the case of music, it could potentially reduce file sharing.If you purchase songs or video media, a smart contract may you the right to use it.Your right to this would be stored on the blockchain — and it could be a specific digital right; for instance, the right to play it once in the next three months.

Smart contracts don’t mean that we trust the other party – it just means that they mechanism is automated so that you cannot be cheated.

See you in court!
Clearly this is all yet to be tested in court.One major drawback is that smart contracts assume that parties know all the rules at the beginning of their collaboration.Thus smart contracts must have mechanisms to allow parties to amend their agreements as mutually desired.

But given their ‘automatically execute’ nature, smart contracts may hold the potential to significantly reduce the chances of a dispute reaching court.

If you default on your car loan – then you can’t start the car and it automatically returns to the finance company, or is even put up for immediate auction and delivered to the new owner.

In the future, we will all learn to use smart contracts — and they will talk to each other.

How to pitch your startup to a VC

What is the best way to pitch for the venture capital your startup needs?

http://www.computerworld.com.au/article/598451/how-pitch-your-startup-vc/

So you have a startup and your excitement is hard to contain.You have a novel concept and are in the process of building it out.To get to this juncture you have used your own funds plus monies from friends and family.

The idea of living the dream and starting up the next billion-dollar unicorn is one that I’m seeing more and more regularly.

For many of these startups, the rude awakening is that it is not an easy path. If this is an endeavor that you are doing part-time then progress is slow. But if you take the plunge and work on it fulltime, then it is likely that your cash-flow projections might leave you shorter than anticipated.

So if you’ve reached the point where you’re ready to pitch to a VC — what’s the best way to go about it?

Getting ready to pitch
First, you have to have a unique idea that is going to be the centre of the pitch.That customer insight, based on facts, is what you what to test.Don’t make the mistake that what you believe to be true is universal.This needs to be part of your market research, and tested with a good sample.

Once you have that idea, then build out your MVP.This will start to test your own personal limitations and in every team, there are strengths and weaknesses.Be that technology, marketing or sales – every startup will have gaps.

It’s best to identify them and if possible, seek out advisory board to help you fill the voids.

As you are non-solvent, then you will need to establish this on the basis of a future equity arrangement.The most critical element is to get advice — and that means hearing things that you don’t want to hear.

Preparing your MVP and then testing this in a segment of the market is the right way to proceed.If you can get some revenue from this effort it will also help prove that there is a need for the product.

What to expect when you pitch
You have your tested MVP and received some results, and perhaps some sales revenue.Then you have effectively developed a business case, with expected costs, margins and distribution growth projections.

Then the hard part, how do you take this and distill into a seven to 10-minute pitch? Yes: Most pitches are decided within the first few minutes.There is no alternative but to have the best salesperson pitch — and that should be the CEO.

When you pitch to a VC there is a short list of what he or she is looking at:

• Do they believe that the MVP product has wow factor?
• Does the CEO and the team impress you?
• Is there any revenue that validates the MVP?
• Assuming there is no IP protection, then how easy is it for others to copy this?
• Does your request for funding make sense, the amount and how the funds will be used?

Pitching
The pitch has to nail the above checklist; if you have gaps then it is very likely that your request will be graciously declined.

Remember a VC is not a bank. They are in the business of making a margin from successful startups.In truth only one in ten startups succeeds, so VCs have to back winners otherwise they also don’t eat.

The pitch is a sales event, but has to be grounded with facts that support the case.A VC will be pitched to 30-80 times per month, and can identify any BS pretty quickly.

In every pitch, you will need to provide an honest assessment of the competitive landscape and why your startup is superior.

There will be times that a VC will see part of your pitch and really value that component. In these instances they are joining the dots on what else they have seen in other startup pitches.

Assess the value of the VC
A good VC provides much more than purely funding: They will also provide your advisory support and open doors.As you pitch and then do the Q&A, you will have the chance to engage in dialogue that provides you some insights into what other value a VC can provide.

However be aware that this is not the time and place to be demanding to hear the value-adds.But they can be a source of know-how around funding, IP lawyers, network connections, technology platforms and other disruptive startups that compete with you.

The aftermath
The VC will be able to assess afterwards does he or she believe in your product enough that he is willing to invest time to the startup.Most VCs are used to kissing many frogs before they find their prince or princess.

The aftermath is tricky can be confronting for the CEO of the startup who has invested time, energy and money.My advice is the listen to whatever the feedback that is provided, even when you disagree.

It doesn’t mean the VC is always correct, but as it is a small world you never know when you will be back for another round.

Furthermore, a VC is always attracted to a CEO who is confident, but not arrogant.When you come across as not ‘coachable’ and willing to take input, then that is not a great sign for the VC.

Most likely you have to regroup and make another run at pitching. But also don’t be blind to the fact that perhaps your startup idea is not as great as you think. If you can pivot and apply the feedback, then your chances of a winning hand improves.

Good luck with your pitch!

Computerworld IT Leaders: Simone Bachmann, Australia Post

IT Leaders: Simone Bachmann, Australia Post

Simone Bachmann is head of information security, innovation and culture at Australia Post

122194

 

• 
  

David Gee talks to Simone Bachmann, head of information security, innovation and culture at Australia Post.
Simone as head of information security, innovation and culture at Australia Post – you have the coolest title of anyone I’ve met.What exactly are you key responsibilities and what is the hardest part of your job?
 
It’s not just a cool title; it’s a really fascinating job. 

The innovation part is using customer-led design and lean innovation methodologies to solve customers’ pain points. This means anything from delivering solutions to keep people safer by default, through to creating discrete, revenue generating products and services.

Fundamentally the culture part of the job is about educating people such as our employees and customers about online security. Our mission is to help Australians be safer online.

To help make this a reality we use a variety of education principles and techniques, as well as behavior change models and partnerships with a variety of organisations.

It’s really easy to be passionate about striving to make a real difference to both these areas because the customer is at the heart of everything we do.

This is also the hard part of the job. Australia Post has such a broad range of customers (almost anyone), so there certainly no one size fits all approach.

Thinking about your own strengths what is your strongest soft skill?I would bet that is it all about influence, communications and interpersonal skills?
I think it’s the ability to try to put myself in other people’s shoes to see things from their perspective. 

It’s also not assuming that I have the all answers and asking others for help.

This helps me in many ways, such as when making decisions about people’s careers, creating customer solutions, and trying to explain why people should join you on a strategy.

When you think about leaders that you model yourself on, what attributes have you tried to emulate?
That’s a hard one, because to me the most important attribute is authenticity. And by definition it’s something you can’t really emulate - it kind of just has to just be the way you are.

Another key attribute is bravery. Sometimes I have bouts of ‘imposter syndrome’ when I look at what I get to do and the amazing people I get to learn from and work with, and feel like I don’t quite belong.

I’m aware of this, so I remind myself that it’s not about me. It’s about representing the work the whole team does. This helps me have the level of confidence and courage of leaders I look up to.


In terms of self-development, are you a person who likes to identify tough and perhaps unachievable goals?Or are you more pragmatic and centred?
I definitely like to challenge myself in many forms. This can involve taking a new job or project with many unknowns. As long as the team and I are well enough supported and set up for success to deliver something great, I’ll give it a go.

Outside of work I like to challenge myself by testing my perceptions. For example a few years ago, I would have told you that boxing was a silly sport — a test of macho bravado. So I did a class and three years later I am still training and have even competed in two boxing matches.

Fighting is counter to everything I know, so this was one of the most confronting things I’ve done. It was therefore one of the most incredible feelings of achievement.

I’d be lying if I said either of these were part of a grand goal. They were both totally opportunistic as most of my best decisions have been. However, when they come across my path, I often have moments where I think ‘wow, this is what I have been preparing for’.

Do you have a mentor that helps guide your career?
Yes, in fact I have three people who I consider mentors. They are people who have amazing perspective and are not afraid to offend me by challenging what I think or say.

With each of them, mentoring was an organic process and I didn’t actively think about what I wanted from them. They are just brilliant people in their own right and are people whose advice I have taken and applied in so many situations, both professionally and personally.

What’s the best piece of career advice that you ever received? 
There are many, but the one that comes to mind is that being underestimated can be a powerful advantage.

Early in my career, I was a mid-20s, blonde female in a male dominated IT industry. Wearing my suit, heels and makeup. I was often mistaken for the secretary when I was actually the head of the largest revenue generating division in the company.

It used to bug me but one day a customer pointed out that because I was considered less threatening than the other execs, people tended to be more open with me about what they needed to achieve and how I could help them.

I never misused this trust, but it taught me that what I perceived as a weakness could actually be a unique strength.

Just to understand more about what makes you tick — could you share what drives you?
This is where I sound like a walking cliché, but it comes down to two things. First, helping people achieve things that make a positive difference to their lives – I love seeing people achieve something they didn’t think they would or could.

Secondly, learning something new. It could be a random topic or something unexpected about a person that changes the way I view the world, even just a smidge.

What’s the hardest career decision that you have had to make?
Leaving a company where the CEO was both my manager and one of my closest friends on the planet (and still is). We made a formidable team. It’s unusual to be able to work with someone so closely who almost knows you better than you know yourself.

When I was leaving I felt like it was betraying them. I shouldn’t have worried in the end, but I’ve rarely dreaded anything as much as having that conversation. It was the right career decision, but it was the hardest.

Outcomes from the National Fintech Cybersecurity Summit

http://www.computerworld.com.au/article/599720/outcomes-from-national-fintech-cybersecurity-summit/


Last week an assembly of Australia’s who’s who of cyber security came together for a roundtable in Sydney. The event was organised by CSIRO’s Data61 and Stone & Chalk with partners KPMG and the Australia-Israel Chamber of Commerce (AICC).

This roundtable, was chaired by Australia’s Chief Scientist Dr Alan Finkel, and the discussion well moderated by Tony Jones from the ABC.

In an interview with Computerworld Australia, Alex Scandurra, CEO of Stone & Chalk, shared his reflections on the event and its outcomes.
A key theme that emerged time and again in the inaugural National Fintech Cybersecurity Summit was the criticality of collaboration – a point echoed by both key Australian and international corporate and cyber security leaders.

This event, which included industry, fintech, government, universities and thought leaders, was a first cyber security-focussed meeting of such a diverse group of stakeholders in Australia and indeed globally.

Both startups and corporates have acknowledged that collaboration in the past has been difficult and that a number of things need to change such as procurement processes and legal frameworks to make collaboration between big and smaller parties a lot easier.

Q&A
Alex Scandurra was kind enough to reflect on the day. Here are his reflections and responses after the event:

What are the next steps after the cyber roundtable and what do those who participated need to do to move the conversation forward?

We will be producing and sharing a report highlighting some of the key topics of conversation and themes that emerged from the summit and roundtable, and sharing in more detail our proposals for phases 2 and 3 of our Joint Fintech Cyber Security Innovation Program.Several organisations across defence, government, the private sector and research have expressed deep interest to participate in our program.

The intention is that phase 2 will consist of a national design challenge providing commercial opportunities for cyber security startups to collaborate with large organisations. This will be a key precursor to launching our Joint Cyber Fintech Security Innovation Lab.

The lab will bring several startups together to participate in a series of commercialisation opportunities driven through existing demand and areas identified for capability enhancement.The program and lab are proposed to be the leading fintech node within the federal government’s recently announced Cyber Security Growth Centre and national strategy.

Our program will help reduce the time it takes startups to commercialise and scale new innovation and we will be simultaneously helping corporate participants become ‘startup-ready’.

What is your general reaction to the roundtable? What were your key takeaways?

We were thrilled and humbled at the same time with both the very high quality and seniority of leaders from across the country and world as well as the sheer number that attended. We had close to 50 people attend in what was a very packed room full very engaged and passionate people that represented the who’s who of the industry.

Several people remarked that they wished the discussion could have gone on for longer despite the two hours already spent. We will be definitely having a follow-up meeting to start to zero in on key capability and opportunity areas we may wish to focus on in as well as in identifying the organisations across the full spectrum that are interested in participating.

What role do you think the roundtable will play in the development of Australia's cyber security ecosystem?

We think this is where the rubber will hit the road. There are clearly a lot of pockets of innovation in cyber security happening across Australia where some great work is being done. Some are in research institutions, some within corporates and defence and some across the cyber security startup community.

What we don’t have is a way that all these can be brought physically together in a structured program grounded in needs based commercialisation. The roundtable will play a key role in helping to shape, co-design what the program looks like and co-deliver with key startups and investors.

We will be looking to key roundtable participants potentially also form part of our brains trust.

My takeaways
While I’m a massive believer that this is the right thing to do, we should however temper our expectations that this will be have a quick payback.As Australia moves into positioning itself as a digital nation, being a strong cyber security player is 100 per cent complementary with this ambition.

Having grounded expectations is necessary and I would expect that this will be the first of many engagements that include industry, government, academia and innovation incubators.To me it is not important ‘who’ is driving this, but more critical is that we agree ‘how’ we get to this destination.

Do we need more immigrants for cyber security gaps?

Do we need more immigrants for cyber security gaps

http://www.cso.com.au/article/597070/why-we-need-more-immigrants-cyber-security-gaps

There is an undeniable shortage of Cyber Security resources in Australia and the short-term answer has to be to bring talent in from other countries.

My proposal is that we have to re-evaluate our immigration policies and make this process easier. Fortunately for skilled professionals, they can choose to work in about any country that they want. Such is the global supply issues that are in play.

Immigrate to Australia?
In Australia we have a complicated process that on first blush, has to be difficult for non-english speakers. The employee nominated scheme would appear to be the best approach to get someone that is a known talent into your organisation. Effectively you are sponsored in this instance and with the right skills and experience – it is as simple as pressing a button.

To take the 457 skilled temporary visa approach gives you 4 years in Australia, assuming that you fit the criteria.

What are the priorities?

Using the Australian Federal Government Skillselect process, there are specific skills that are identified by industry bodies. At present these are the listed ones:

	ACS
Systems Analyst	261112
Analyst Programmer	261311
Developer Programmer	261312
Software Engineer	261313
Computer Network and Systems Engineer	263111

Hmmm, sorry but I don’t see Information Security or Cyber Security on this list. I have to trust that the person processing these applications can understand that when they see ‘Information Security’, then this should be given priority.

Cyber Staff are under qualified
As a result of the shortage of talent and seeming difficulty to bring in new staff from outside of Australia, we have seen CISO and CIO’s instead tapping into adjacent skills in the resources. There are transferrable skills that can be re-trained from network administrators, system administrators, and programmers.

While I understand the pressure to use this approach, this has the resulting effect that these critical roles staffed with resources that are not qualified for the job.
How bad is this issue? Is this an exaggeration and we should actually focus on real issues at hand??

Actually it’s worse than you think
In a recent study State of Cybersecurity: Implications for 2015”, fewer than 25% of cyber security applicants are qualified to perform the skills necessary for the job.

Taking this in plain english - 75% of staff in cyber security are effectively learning on the job.

The longer term implication is that enterprises are not ready to address the harder issues, and these are postponed or simply delayed. Perhaps we have just been lucky that hackers have been making bigger impact breaches elsewhere?

But real the frightening prospect, is that our under trained staff just are not able to detect these breaches and the 200 days average may indeed be longer in Australia.

The Inside Lane
Just to end on a ‘darker’ note, with a global shortage of staff it is actually easier for rogues to be accepted into an organisation as a new hire. Our screening processes have to be increased and referencing made even more robust.

 

In our frustration to hire we take on rogue outsiders, who are just pretending to be ‘white’ hat.Once a low-key rogue is on the inside, then the risks increase exponentially.

We need to address our cyber security gaps and this will need to be comprehensive approach using education and training to grow our own. Also a more concerted campaign to attract cyber security talents to move permanently to Australia.

Grow your Own
Growing our on base of talent has to be the medium and longer term answer. We will need to develop and mentor this talent, while at the same time ensuring that they don’t become arrogant given all the hiring attention that they will receive.

The stakes are high in a digital world, and Cyber Security is as much an enabler of the business as Agile Development. Once we realise this, we will then give the appropriate level of focus this issue deserves.