JPMorgan, Goldman Order Software 'Code Freezes' Around Election (theinformation.com) 21
Top banks, including JPMorgan Chase and Goldman Sachs, are battening down their technology hatches for next week's presidential election. From a report (paywalled): Around next Tuesday, the final day of voting, JPMorgan and Goldman will both halt software updates to the retail and investment banking systems their customers use to manage accounts, The Information has learned. It's a precaution intended to minimize the risk of outages of their services during a period of potential market volatility surrounding the election. Banks have good reason to institute these software code "freezes." Faulty software updates are one of the main culprits behind online service outages. While suspending software updates is common for banks during times of heightened market volatility, this year's election could be especially turbulent, with wide fears over civil unrest and contested election results.
good time to use an zero day when they can't (Score:2)
good time to use an zero day when they can't rush an update in
Re: (Score:1)
Re: (Score:2)
Sheesh, as much as I find code freeze time a pain you can always promote an emergency fix with high enough approval.
I imagine this is true at a lot of places (Score:3)
The financial institution I'm contracted to currently has a freeze on almost all technology changes, except for routine patching. It's been explicitly said that it's because of the election.
The current freeze is through the middle of next month, but I'm beginning to hear rumors that it's going to be extended into January, which makes me wonder if they know something we don't.
Re: (Score:2)
which makes me wonder if they know something we don't.
I don't think it's something we don't know. The same uncertainty is public knowledge. Trump will not cede the election even if he lost both the popular vote and the electoral college. It won't be because of slow counting that we won't know the winner of the election on election night or even probably a week later. It could be months. Lots of opportunities for extreme volatility.
Re: (Score:2)
It's a more or less direct quote. Or at least interpretation of intentional silence on the issue.
Re: (Score:2)
Pretty Common in the Financial Industry (Score:5, Informative)
Most banks routinely have freezes on technological changes. Month-end freeze for a couple of days around the last of the month to not interrupt processing. Multiple week Thanksgiving freezes to not impact Black Friday purchasing. A freeze from the middle of December until the middle of January to protect year-end activities.
This is just a normal part of doing business.
Re: (Score:2)
And not just banks, other critical infrastructure companies too. If not for the pandemic, I've been saying that my company might as well just have ice cream parties due to how little work we can accomplish during the usual annual freeze periods.
heck, telco/data carriers have wider windows (Score:4, Insightful)
more typical for them to lock down after business Friday the week before to days after. and holidays.
why is this news? (Score:1)
Any sane company with more than 10 customers already has HAP (high awareness periods) which imply freeze for deploys unless it's for incident remedation.
Most of my employers didn't (Score:2)
Good practice. More people should do it (Score:5, Interesting)
Beyond avoiding issues related to software mistakes, it forces people to plan their releases better. It also gives us a month to reflect on our work and our process and figure out how to make the next year better. We're also realistic that the second half of December is lost. Nearly everyone is on vaca and those that aren't aren't really fully there and working 100%. There's a holiday party every week somewhere it seems and so many things to distract you, especially if you have a family, not to mention inclement weather.
Thanks to the work we do, our lines of code go down, our test coverage goes up, frameworks get upgraded, etc.
Ever engineer knows this, but few in managements seem to...that the more you focus on feature, feature, feature, the more expensive each release gets. You have to spend time to clean house, clean your code, update legacy code, etc. Because my team focuses on paying down tech debt and doing all the work that's not tied to a customer-facing feature...documentation, upgrades, making disparate code systems more consistent, removing deprecated code...we can work much faster each January and each year we put out features just a little faster than the last (we started focusing on tech debt during code freeze 5 years ago).
Every company that produces software needs to do this. They need to allocate some time to internal maintenance and not just customer features. This brings reality more in line with their expectations of productivity and ensures they can be fully productive when everyone is back in January and ready to start the year anew. Nov & Dec is the best time to do so.
Re: (Score:2)
In short, you use the code freeze time to pay back technical debt.
Technical debt is accumulated when things get squeezed - every bad choice of data structure, every quick hack done to ship on time, etc, That is technical debt. It's a debt because to repay it requires more time and effort than doing it well the first time, and accumulates interest in that the longer it lingers, the amount of effort and time goes up. It's nothing new - we refer to code bases with excessive technical debt as crufty.
With the co
Could it be... (Score:2)
Because of fear of logic bombs or other malware that could crash and corrupt the system, creating a DDos attack that could send people over the edge and further escalate an already tense and unstable political situation into all out violence?
People already have a very short fuse in regards to the election. Being denied their money, when they need it most (start of the month), would be a very good match to light that fuse.
Re: Could it be... (Score:2)
I want to add that people and orgs have become so dependent on computers, it's scary. There is no more going to the old file cabinet, or breaking out a notepad and pencil anymore. Now they can't do anything because "the computer is down" and even "the network is slow".
I say this from personal experience dealing with companies and orgs whenever they are having computer problems.
What about urgent fixes? (Score:2)
Like security holes. :P
Re: (Score:2)
Corporate SOP is that urgent/break-fix changes during a freeze window are possible, but need higher-level signoff and more paperwork to justify.
not typical (Score:2)
Most US banks do a change freeze second half of November to avoid problems around the Black Friday shopping surge, and again mid-December through first/second week of January since so many staff are taking vacation time. This is the first time in my 20+ years working tech for A Large Bank Which Shall Remain Nameless that they've called a freeze around a national election. I can only believe they expect shenanigans and want to reduce the potential exposures.