So if you're watching the #Serverless-First Function you might have just seen this slide on measuring and comparing #security between a serverless app and a "Monstrous Monolith."
Did you know there are actually numbers you can calculate and measure? 1/
Take another look at this formula from two slides previous:
Let's break down each of these components. 2/
c = each function's computational complexity
This is essential or irreducible complexity as defined by T.J. McCabe all the way back in 1976. It's a positive integer, and you can calculate it. 3/
https://ieeexplore.ieee.org/document/1702388
d = each function's dependencies
This is also a positive integer (consider your main application to be the first dependency, which avoids a multiply-by-zero reduction).
Import a library? +1
This is more challenging to compare *across* languages. 4/
r = total number of accessible resources
You guessed it - you can calculate this too. DynamoDB table? +1. S3 bucket? +1. On-premises API? +1. The important thing is that you are consistent in how you apply this for *your use case*. 5/
So now we can compare the two formulae. But what's the point? Not just to hate on monstrous monoliths, although they're awful relics and security nightmares and you should migrate away from them. Don't at me. 6/
Since I know you're gonna at me anyway, consider this.
Adding a dependency, a branching statement, or a resource to your monstrous monolith increases your risk on a **cubic** scale.
With your #serverless application that increase is linear. 7/
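One way to actually get c, d and r for a Python function, as an added example that is not from the talk or the slides. It assumes c can be approximated by McCabe's cyclomatic number (1 + decision points), that every function in a module is charged with that module's imports, and that r comes from a resource list you maintain yourself; the handler source and resource names are constructed. It measures only the three inputs and does not combine them, since the slide's formula is not reproduced in the text.

```python
import ast

# Constructed sample: source of a hypothetical Lambda-style handler module.
SAMPLE_SOURCE = '''
import json
import boto3
from urllib.parse import urlparse

def handler(event, context):
    if not event.get("body"):
        return {"statusCode": 400}
    items = json.loads(event["body"])
    for item in items:
        if item.get("url") and urlparse(item["url"]).scheme == "https":
            boto3.client("s3")
    return {"statusCode": 200}
'''
# Constructed resource inventory for that function (names are placeholders).
SAMPLE_RESOURCES = ["s3:uploads-bucket", "dynamodb:orders-table"]

# Assumption: c is approximated as 1 + the number of decision points.
DECISION_NODES = (ast.If, ast.For, ast.While, ast.IfExp,
                  ast.ExceptHandler, ast.comprehension)

def complexity(func):
    c = 1
    for node in ast.walk(func):
        if isinstance(node, DECISION_NODES):
            c += 1
        elif isinstance(node, ast.BoolOp):  # each extra and/or operand is a branch
            c += len(node.values) - 1
    return c

def dependencies(tree):
    # Start at 1: the application itself is the first dependency.
    mods = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            mods.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            mods.add(node.module.split(".")[0])
    return 1 + len(mods)

def measure(source, resources):
    tree = ast.parse(source)
    funcs = [n for n in ast.walk(tree) if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
    d, r = dependencies(tree), len(set(resources))  # same counting rule everywhere
    return {f.name: {"c": complexity(f), "d": d, "r": r} for f in funcs}

print(measure(SAMPLE_SOURCE, SAMPLE_RESOURCES))
```

Run the same counting rules over every function you compare; the absolute numbers matter less than applying them consistently.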