So if you're watching the #Serverless-First Function you might have just seen this slide on measuring and comparing #security between a serverless app and a "Monstrous Monolith."

Did you know there are actually numbers you can calculate and measure? 1/
Take another look at this formula from two slides previous:

Let's break down each of these components. 2/
c = each function's computational complexity

This is essential or irreducible complexity as defined by T.J. McCabe all the way back in 1976. It's a positive integer, and you can calculate it. 3/

https://ieeexplore.ieee.org/document/1702388
d = each function's dependencies

This is also a positive integer (count your main application itself as the first dependency, so d is never zero and the product is never reduced to zero by multiplying by it).

Import a library? +1

This is more challenging to compare *across* languages. 4/
r = total number of accessible resources

You guessed it - you can calculate this too. DynamoDB table? +1. S3 bucket? +1. On-premises API? +1. The important thing is that you are consistent in how you apply this for *your use case*. 5/
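An added example, not part of the thread: computing the c and d inputs from Python source with the standard library's ast module. The sample handler is constructed; r (resources) is still counted by hand, and the combining formula lives on the slide, which is not reproduced here.

```python
import ast

# Constructed sample: a small handler with branches, a loop and two imports.
SAMPLE_SOURCE = '''
import json
import boto3

def handler(event, context):
    body = json.loads(event.get("body") or "{}")
    if "id" not in body:
        return {"statusCode": 400}
    table = boto3.resource("dynamodb").Table("items")
    for key in body:
        if key.startswith("_") and key != "_id":
            continue
    try:
        table.put_item(Item=body)
    except Exception:
        return {"statusCode": 500}
    return {"statusCode": 200}
'''

# AST nodes that each add one decision point under McCabe's definition.
_BRANCH_NODES = (ast.If, ast.For, ast.While, ast.IfExp,
                 ast.ExceptHandler, ast.comprehension)


def cyclomatic_complexity(func: ast.FunctionDef) -> int:
    """c: McCabe cyclomatic complexity = decision points + 1."""
    decisions = 0
    for node in ast.walk(func):
        if isinstance(node, _BRANCH_NODES):
            decisions += 1
        elif isinstance(node, ast.BoolOp):
            # 'a and b and c' adds len(values) - 1 short-circuit branches
            decisions += len(node.values) - 1
    return decisions + 1


def dependency_count(module: ast.Module) -> int:
    """d: the application itself (+1) plus each distinct imported top-level module."""
    modules = set()
    for node in ast.walk(module):
        if isinstance(node, ast.Import):
            modules.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            modules.add(node.module.split(".")[0])
    return 1 + len(modules)


def measure(source: str) -> dict:
    """Return c per function and d for the module; r is supplied by hand."""
    tree = ast.parse(source)
    funcs = {n.name: cyclomatic_complexity(n) for n in ast.walk(tree)
             if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))}
    return {"c": funcs, "d": dependency_count(tree)}
```

Run `measure(SAMPLE_SOURCE)` to get c = 7 for `handler` (six decision points plus one) and d = 3 (the application plus json and boto3); apply the same counting rules to every function you compare.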
So now we can compare the two formulae. But what's the point? Not just to hate on monstrous monoliths, although they're awful relics and security nightmares and you should migrate away from them. Don't at me. 6/
Since I know you're gonna at me anyway, consider this.

Adding a dependency, a branching statement, or a resource to your monstrous monolith increases your risk on a **cubic** scale.

With your #serverless application that increase is linear. 7/
The point is to understand how *your* system is evolving from a #security perspective over time. Where can you apply your limited resources to gain the maximum risk reduction?

Don't guess the answer - calculate the answer! 8/8
You can follow @rts_rob.