Seer (9 page)

Read Seer Online

Authors: Robin Roseau

BOOK: Seer
10.1Mb size Format: txt, pdf, ePub

“You have a mobile version?” Warren asked.

“No,” said Kent, the technology officer. “The mobile developers are our experts in what the software should do. They’ve been with us since inception.”

I wondered if the entire product hadn’t been their idea, but they’d lacked the skill and financing to build the company. I wrote a brief note saying, “Mobile
dev equity position?” and slid it to Aubree.

She looked at it and wrote back, “Good question. Not your problem.” And I nodded to her.

Monty was clearly a salesman, and he was deeply interested in selling us his company. He gave the full court press to Solange, and she let him. I wanted to know what the technology platform was, but I held my questions.

Lunch arrived, and
conversation turned less formal while we ate. As soon as the Sales VP was finished with his meal, he stood up and said, “The rest of you, keep eating. I thought I’d give a demo.”

He didn’t give a demo. He gave another sales pitch, clearly designed for corporate decision makers. As a techie, I was unimpressed. I already could see the value in what they supposedly did, but I wanted to see the limits. Twenty minutes into the talk, Aubree leaned over and whispered into my ear, “Ask questions.”

I smiled at her and gestured with my nose to Solange.

“Her idea,” Aubree added.

So I raised my hand.

The salesman went on for another thirty seconds. I stayed there with my hand in the air. Finally he said. “Yes? Miss
…”

I stood up. “Sidney Welsh. So, I have my new iPhone app, and I want to run it through your software to look for the sort of trouble the compiler won’t find.”

“Yes,” he said, and he went back into his sales pitch. I hadn’t even gotten to my question, so I remained standing. When he continued to ignore me, I raised my hand again. Finally he stopped and said, “Yes, Sidney?”

“The program represents my intellectual property,” I said. “When I submit it, I might be a little worried about what is going to happen to it. How do I know it’s safe? I wouldn’t want anyone to be able to steal it.”

“We conform to all the security standards,” he replied with a moue. From the corner of my eye, even I could see the CTO was unhappy with that answer. Bertram then went into a spiel about cloud computing and how all the big companies are moving to it.

I still didn’t stand down, and I was tired of being ignored. “Which security standards?” I asked.

“Excuse me?”

“I would like to know which security standards I can count on before submitting my life blood to your web site.”

“Well…” he said. “All of them, of course.”

“All of them?”

“Yes. All of them. We are very careful with your program.” He then went back to talk about cloud computing, but I interrupted.

“Can you list a few specifically, please?” I said. “I really am very careful. My programs represent my livelihood, and I want to be sure
it’s safe.”

The salesman looked annoyed. “All. Of. Them.”

“So… ISO 27001, I presume?” ISO 27001 was a security standard, one I’d expect them to follow if they were serious about security.

“Yes, of course.”

“SAS-70?” That one was for data centers.


All of them,” Bertram insisted.

“Are your servers located in a Tier
Three data center?”

“Absolutely.”

The CTO was still shaking his head. The company president looked annoyed with me. Perhaps in his company, women are seen and not heard.


HIPAA?” I asked. “That’s an important security standard.” HIPAA are the standards used for protecting personal information like medical information. There was absolutely no reason at all for them to follow it, except when dealing with their own employees.”

“Yes.”

“And H-701?” I asked. “Do you have certification from Hazel Software Services for H-701?” Hazel Software Services was my company, and there was no H-701.

“All of them, including
HIPAA and H-701.”

“Both parts A and B of H-701?” I asked.

“Refresh my memory. Which one is A and which is B?”

“A is used to validate the hardware microinstructions of your servers to ensure no
nano-scale viruses can cause bit decay leading to a security breach. It is actually far more invasive a test than Part B. B is a validation of your source control bug tracking validation suite to ensure proper integration with your physical security monitoring to verify your QA staff logs all third level bugs using an industry standard messaging protocol. Most companies who certify with H-701 start with Part B, as A requires disassembly and reassembly of your core processors, which can be time consuming.”

It was the worst technical bullshit that had ever been spewed from my mouth.

“Oh, right. We have Part B certification. A is pending and is due in a few weeks.”

“Thank you, Bertram,” I said sweetly. I sat back down. I waited for him to start babbling again before I leaned over to Aubree. “Asshole. Can we cut this short and get to someone who isn’t going to lie to us?”

She whispered back, “Solange wanted to see. HIPAA? You asked about HIPAA?”

“His CTO is right here,” I whispered back. “WTF?” As soon as I asked a question he couldn’t answer, he should have let the CTO answer.

Maybe the CTO tended to offer too much truth. If so, I was okay with that.

We put up with another twenty minutes of sales babble before Solange was able to redirect. “Perhaps we could have a tour, stretch our legs, and take a break. Maybe we could break into smaller groups. I know that Mr. Sutton is anxious to get a look at the books, and Ms. Welsh is dying for a look at the code.”

* * * *

We got a tour of the facility, including their machine room where their servers were located. The salesman had told me they had a Tier
Three data center, but this building wasn’t remotely at that level. I didn’t particularly care about their servers, but I’d been interested in seeing if he’d lie to me. He had.

I sidled next to Aubree and whispered, “Do you know what a Tier
Three data center is?”

“Yes,” she replied.

“So I don’t have to tell you when the salesman is bullshitting you?”

* * * *

It was nearly three before I finally got to meet the technical staff. Kent introduced Felix, Aubree and me to his staff of ten, all men. Because there were more of us than any other group, we got the conference room, and everyone else disappeared into various offices.

“All right,” I said, once pleasantries had been exchanged. “I want a high level overview of the technology used, especially languages and tools. I want a proper demo. Then I want to hear about your development practices and policies. Before I leave
today, I want a tour of the source code. I also want copies of any information security certifications you have, and I want copies of your conformation documentation associated with them.”

The men looked at each other uncomfortably for a moment, but then
Kent, the CTO, said to one of the guys, “John, do you want to describe our technology?”

“Sure,” he said. “We have a
true client/server application. The front end is HTML/5 compliant JavaScript. We use AngularJS for that. Calls to the server are REST, primarily written in Java, but we have sections written in Clojure.” He talked for several minutes, referencing a variety of technologies. Other than the number of programming languages they were using, it was all pretty straightforward, which would simplify my job.

When he got done, Aubree leaned over to me and asked, “Was that a proper answer?”

“Yes,” I whispered back.

I had been taking notes, and I asked several questions. John gave good answers, and I was much happier than listening to the salesman from earlier.

“All right,” I said. “Along with everything else I asked for, I want any documentation you have on your REST calls.”

John glanced at
Kent then said, “We don’t publish our REST calls.” Which meant they probably had no documentation.


Javadocs?” I asked.

“Um. Sure.” Better than nothing, depending upon how complete they were. I had a feeling I wasn’t going to be impressed.

“All right,” I said finally. “Aubree, did you have anything further?”

“Not yet,” she said. “Perhaps during the demo.”

“There was a demo earlier,” Kent said.

“Yes,” I said. “I want one where I can get answers to my technical questions.”

“We’re awfully busy here,” Kent complained.

I turned to Aubree. She was here to handle the politics.

“Kent,” she said, “Perhaps you and I can step away for a minute.” She got up and headed for the door, not even waiting to see what he did. Kent paused enough to show he didn’t answer to Aubree then followed her out into the hallway.

“I signed up with a demo account over the weekend,” I said, “and ran some small programs through your software. I was pretty impressed. You guys are to be applauded. I want to see what it can really do.” Okay, I wasn’t going to let Aubree have
all
the fun.

Aubree and
Kent were in the hall only for a minute or so. When they came back in, Kent didn’t look happy, but he said, “John, can you run a demo?”

“Sure,” John said. It took him a minute, but he used the conference room computer and soon had their web site up. He logged in and showed off the user interface features. I didn’t care about any of that. Then he showed the software providing an analysis of some simple iPhone programs. They were the same programs the salesman had used for his demo earlier.

“Very good,” I said. I smiled, held up my thumb drive, then slid it down the table towards John. He caught it before it fell off the edge. “I have six projects on there, all too large to run using a demo account. Are you able to run them and then throw the results back onto the drive?”

It took John a few minutes, during which the other staff talked amongst themselves. I watched John, and eventually he slid my thumb drive back to me. I pulled out my own computer, slipped it in, and then took a few minutes to scan the results.

I understood most of them, but I got to a few things I didn’t. “John, do you also have my results there?”

“Yes,” I said.

“I have a warning I don’t understand,” I admitted. I read the message. “What does that mean?”

John didn’t answer. Instead he turned to one of the guys. I consulted my notes. It was Theo. He was one of the mobile developers.

“It’s complicated,” he said.

“If I were on the web site directly, could I click and get an explanation.”

Theo looked pained. “No,” he said.

“If we pull up my code, can you show me?” I didn’t wait, but I found the referenced
module. Theo rose from his chair and stood over me. He read the error message again, then he squinted to look at my code.

“There,” he said. He explained the error. Then he told me what the code should have done instead.

“Oh,” I said. “I didn’t know that.” I asked for explanations of several more errors, some of which made sense when Theo explained, some of which didn’t. Several of them were just strangely-worded ways to describe errors I had intentionally inserted into my programs. In the end, I discovered several things I didn’t know I should have been doing.

“Okay, I understand. This error.” I pointed. “How did the software determine it was an error?”

They tried to explain why it was an error. “No, I get that,” I said. “But how did the software figure it out? That error is intentional, but I want to know how you found it.”

“I’m sorry,” said Theo. “I’m the mobile guy.” And with that, he returned to his chair. So I asked John to explain.

“It’s proprietary,” one of the guys said. “Why do you need to know that? The software works. You can see that.”

I let Aubree handle that.

“Brody, you understand that MetaWolf Technology has made an offer to buy Green Gulch, subject to a due diligence review. That review requires an understanding of what MetaWolf would be buying. When buying a software company, there are several things that have real value. There are the hard assets: buildings, computers, vehicles, cash in the bank, funds owed by customers, that sort of thing. Also of value is the ongoing revenue stream as well as the customer base. Oftentimes a company such as MetaWolf would buy a small company as this one strictly for inside access to your customers, although that’s not the case here. Then there is, of course, the technology involved. Does it do what it says it does? Is it reliable? Is it free of copyright and patent violations? Can it be maintained and enhanced? Lastly, there are the people involved. Each of you is an asset. We are here to evaluate all of that. Which means we need to know everything to make sure this sale is fair. MetaWolf wants to be sure they are buying what they think they are buying.”

Brody didn’t say anything for a moment,
then he nodded. “I don’t remember how we find that error.”

Other books

Dustin's Gamble by Ranger, J. J.
Earth Angels by Bobby Hutchinson
The Road to Hell - eARC by David Weber, Joelle Presby
Spellbound by Kelley Armstrong
Come the Hour by Peggy Savage