Mythic Monday – Bulgarian Scope Creep
There is a Bulgarian creation myth where in the beginning, the earth was just a tiny island. Cohabitating on this island were God and the Devil (guess they were more friendly then). One day, perhaps following an Oscar and Felixian roommate dispute, the Devil suggested that God take a nap, planning that whilst the almighty creator was slumbering, he could be tipped into the ocean. I guess that, in Bulgaria, one can be omnipotent and omniscient, and still somehow fail to gain their B.S.C and S.S.C..
Anyway, as the Devil attempted to push God off the island, the island magically expanded in each direction (it’s clear from this story that the Devil wasn’t omniscient), so that nary a toe got dampened. The shoreline simply grew in each direction and, by the time the Devil gave up, the island had expanded to the size of our current Earth. Which basically means that the state of the Earth today is due entirely to Devil-induced scope creep.
It explains a lot, doesn’t it?
Scope creep is a danger in all projects. It doesn’t matter whether you’re developing an application, enacting a security program or just shopping for groceries, scope creep can blow both your budget and deadline. It’s tempting when you’re working on something to just add a little piece here and there because it will make future work easier. Unfortunately for the business, integer math insists on summation, and so long as businesses are profit-focused, integer math is going to be important. From a security perspective, scope creep is additionally dangerous because it complicates things. Complicated things are harder to secure than simple things. The simpler you can keep a project, the better you can understand it, so the easier it is to secure.
Scope creep, of course, is most dangerous when shopping. A while back, I stopped by the store to pick up some basics (apples, bananas, yogurt, etc), and I noticed that winter squash was on sale… so my scope expanded a little bit and two squash wound up in my cart. Later, once I got home I realized that I had no idea what to do with them (other than the basic roast squash, which is boring). After consulting one of my cook books, I discovered that I needed a few more things. After another shopping trip that involved carrots, celery, onions, garlic and broth, I soon had two soups a simmering. Regrettably, the last step for each soup involved a blender, and the blender I had was incapable of dealing with the increased complexity of my soups. It quickly suffered what I must refer to as a catastrophic containment failure which necessitated another trip to the store to get a new blender.
All told, my initial scope creep of two impulse-bought squash cost me over a hundred dollars in ingredients and blender replacement, not to mention the ridiculous amount of time wasted in the endeavor. While I am thankful that I was able to find the blender-related security hole and believe that I have effectively mitigated the risk, life would have been much simpler had I not needed to.
I’m blaming the devil.