Develop a secured Android application

Android applications are commonly used to process very sensitive data. It is the developer’s responsibility to make sure that the information prompted by the user cannot be intercepted easily by a malicious people. The Open Web Application Security Project (OWASP) [9,10] tries to enumerate the potential security issues of a mobile application. Some of them are the system architect’s responsibility (such as issues related to weak server sides control), some are the back end developper responsibility (issues related to authentification checks) and finally, some are purely related to the mobile application. In this article we will focus on the issues which can be tackled thanks to the Android mobile developer’s action in itself.
Therefore we will address here three potential vulnerability sources : risks when we communicate with a webservice (WS), potential leak of information when we store data on the device storage and vulnerabilities of having your application easily editable by a third party.

Read more

New digital challenges in life science: the Swiss Lemanic area and beyond

The life science sector faces great challenges when the time comes to meet modern digital opportunities. This sector is incredibly dynamic, both from an economic and a scientific point of view, but innovation in the lab often comes in pair with a deep evolution in the information system strategy.

In this article, we will first focus on the Swiss Lemanic area landscape and see how the main computational trends encountered there are representative of the domain at large. We will then try to extract the most prevalent technical issues, either methodological or technological.

More importantly, we will see that life science has a particular culture and faces original computational issues. But a lot of the digital aspects are strikingly similar to those of other industries, like finance, retail or social media. Therefore, a great deal is to be learned from how companies in those sectors have undertaken their own transition towards a new digital era (and vice versa). Read more

Management 3.0: interview with Jurgen Appelo at USI 2015

Jurgen Appelo at OCTO USI Event 2015Management 3.0 is definitely a trendy topic this year and the lucky participants of the USI 2015 event could directly hear about it by its author: Jurgen Appelo.

In addition to his talk at USI, Jurgen Appelo kindly accepted to answer our questions.

OCTO: What would you highlight as new / disruptive with Management 3.0?

Jurgen Appelo: What is new is to manage the system, not the people. For example for our merit money bonus system, I don’t decide who gets how much money, I don’t see that as my job. I think the crowd knows better who has what kind of performance, so I let them make the decision together. What I do is to make sure that this process works as well as possible. That is my responsibility, introducing such an idea. This is the same for many practices traditionally used by managers with higher positions than their employees.
I don’t see it as my responsibility to use a carrot and a stick in order to get someone to perform better. My job is to set up things in such a way that people love developing their own performance.
Read more

The Web Giants: the book is being translated!

We are very proud to announce that our best-seller book “Les Géants du Web” is currently being translated into English.

cover gdw fr

The PDF version should be available for free during July, the print version should be available at the end of August on Amazon platforms.

As for the French version, we’ll publish chapters on this blog every week while you wait for the definitive version.

Stay tuned!

How to fail at code reviews – S01E01

In the previous article, we introduced a general overview of the code review practice as well as two specific formats we use in our projects.

Nevertheless, successfully introducing a new practice is not an easy task. It’s a bit like setting sail for the first time: once in the water, the first meters are always chaotic. There are lots of waves, we wonder whether it was really a great idea. Wouldn’t it be wiser to go back ashore? However, after a bit of dedication, we finally get to the quieter open sea: we just had to hold onto it.

During our code reviews, we came across several pitfalls that were detrimental and that could jeopardize code reviewing in the team.

Let’s explore, through real-life use cases*, why the first code reviews will certainly be difficult and what are the essential fundamentals to carry out successful code reviews.

Read more