This talk outlines the challenges of maintaining system stability in fast‑moving, cloud‑native financial services, describes a risk‑identification model, high‑fidelity fault simulation, and a comprehensive stability engineering platform, and shares future plans for automated, data‑driven risk mitigation.
The article details China Postal Savings Bank's successful DevSecOps assessment at the 2023 GOPS Global Operations Conference, sharing the bank's project background, interview insights on culture, processes, and tooling, and outlining the benefits and future plans of adopting standardized DevSecOps practices.
The article explains how continuous delivery keeps software always releasable while continuous deployment automates the actual release, discusses the trade‑offs of release frequency, risk, feedback types, and business considerations that guide the decision of when and how to push changes to production.
This article explains why software developers need solid project management skills, outlines common pain points such as inaccurate effort estimation, dependency delays, and quality‑efficiency trade‑offs, and provides practical guidance on progress, quality, and risk management—including work breakdown, dependency handling, code review, testing, logging, and risk mitigation—to help engineers deliver projects on time, with high quality, and with minimal surprises.
This article provides a comprehensive technical analysis of ChatGPT, covering its cognitive model, model‑as‑a‑service architecture, front‑end integration, internal structure, API design, engineering challenges, risk‑aware AGI development, and future outlook for AI‑driven software engineering.
The article teaches developers essential project‑management skills—schedule, quality, and risk management—by explaining why coordination matters, outlining common pain points, and detailing practical techniques such as two‑day task decomposition, code‑review standards, and systematic risk identification and mitigation to become reliable, results‑driven partners.
This article provides a comprehensive guide on handling insufficient testing time, improving test submission quality, and enhancing QA capabilities through systematic checklists, clear standards, risk management, and automation tools to ensure reliable software delivery.
This article offers a comprehensive overview of chaos engineering, explaining its definition, why it is needed, the value it brings, a detailed step‑by‑step practice workflow—including preparation, execution, recovery and review phases—typical drill scenarios, key assessment metrics, and risk‑control measures to improve system reliability and high‑availability.
The presentation outlines Xiaohongshu’s comprehensive community anti‑cheat strategy, defining cheating risks across industries, mapping the black‑gray ecosystem, and detailing a five‑module framework—risk perception, capability building, identification, mitigation, and evaluation—implemented via layered data architecture and multi‑stage detection to protect platform integrity.
This article explains the cause of unexpected Flink job restarts caused by ZooKeeper zxid overflow, details how the zxid works, why overflow forces a new leader election, and presents practical risk‑management and alerting solutions to avoid business loss.
The article explains why software supply chain security is increasingly critical, introduces the SLSA (Supply‑Chain Levels for Software Artifacts) framework and its three trust boundaries, outlines common risk points from code commit to package distribution, and discusses mitigation strategies such as mandatory code review, robot‑account controls, and automation.
This article introduces the Ant Group and Tsinghua University’s Financial Big Data Anti‑Fraud Technology Whitepaper, outlining the new legal context, fraud characteristics, and a three‑stage detection framework that leverages multi‑dimensional graphs, trustworthy AI, and data security to improve pre‑, during‑, and post‑transaction risk management.
This article defines enterprise‑grade SaaS, contrasts it with consumer products, and presents a comprehensive framework for product, data, and system stability—including isolation requirements, SLA metrics, risk modeling, mitigation plans, and continuous review—to help SaaS teams deliver dependable services.
In a detailed interview, senior engineers from China Agricultural Bank explain how their mobile banking payment and micro‑loan platforms passed the CAICT DevSecOps Level‑2 assessment, outlining the cultural, process, and technical measures—such as integrated security testing tools and cross‑department collaboration—that boosted security, efficiency, and digital transformation.
This article explains what constitutes an IT disaster, outlines the three main disaster types, defines disaster recovery, and details the twelve essential components of a comprehensive disaster recovery plan to help organizations maintain continuity and protect critical assets.
This article compiles real-world examples and practical guidance for identifying, assessing, and mitigating risks throughout the game development lifecycle, offering QA teams concrete strategies for risk definition, early estimation, and handling of demand, quality, process, testing, and operational challenges to improve overall risk management.
The article outlines a complete testing workflow for an activity lottery feature—from requirement evaluation, design, and case creation using equivalence and scenario‑based methods, through execution, gray‑release verification, and post‑release monitoring—emphasizing risk analysis, stability governance, rate‑limit safeguards, and financial loss prevention to ensure reliable, high‑quality releases.
This article examines the evolving scope, standards, objects, concepts, and demand of security risk assessment, outlines a four‑stage assessment workflow, and discusses how to close the assessment loop and make dynamic decisions amid changing regulations and external threats.
At the CIS 2022 Cybersecurity Innovation Conference in Shanghai, ZTO Express’s security chief shared practical strategies for data security governance, highlighting legal compliance, management vs. technical controls, and the emerging role of privacy computing in sustaining business operations.
This article analyzes Baidu's risk‑driven delivery approach, detailing how machine‑learning models identify, control, and decide on testing risks, replace manual judgments, improve test efficiency and quality, and deliver measurable savings and bug interceptions across large‑scale software projects.
Baidu’s risk‑driven delivery system applies a machine‑learning quality‑assessment model that automatically identifies, controls, and decides testing risks across over 50 features, enabling precise test selection, intercepting hundreds of bugs, cutting test waiting time from 50 to 2 hours, and paving the way toward fully automated intelligent testing.
This article introduces the Digital Transformation Framework (DTF), a reference model that helps organizations define, model, price, and plan digital strategies by integrating business, financial, and technical dimensions, while addressing risk, cultural change, and implementation pathways.
This post‑mortem reviews a chaotic multi‑person live‑audio incident, detailing its background, symptoms, timeline, root causes, and the improvement plan, offering practical insights for better release planning, gray‑release strategies, and risk awareness in software operations.
In a CIS2021 conference talk, Tencent Cloud’s product security lead outlines the company’s DevSecOps journey, detailing challenges of heterogeneous infrastructure, a risk‑introduction workflow, multi‑stage security evolution, tool integration, metrics, and open‑source governance practices.
Neglecting AI ethics and governance can expose companies to severe public‑relations crises, biased outcomes, regulatory penalties, unexplainable systems, and employee disengagement, ultimately threatening both societal trust and business sustainability.
The article analyzes the impact of the U.S. ban on high‑end GPUs for China, explores the emergence of a separate Chinese IT stack, and offers pragmatic strategies for enterprises to gradually replace foreign components while managing costs, product maturity, and ecosystem gaps.
This document outlines a detailed Service Level Agreement (SLA) framework covering quality service standards, management processes, testing capabilities, tool support, resource management, measurement systems, risk handling, and continuous improvement to ensure consistent delivery and customer satisfaction across IT operations.
This article recounts a real-world incident where a junior engineer mistakenly uploaded production data to a pre‑release environment, analyzes the root causes, outlines concrete process improvements, and highlights broader lessons on risk‑aware development and the importance of holistic business‑logic security.
The article outlines Ant Financial’s evolving mobile endpoint security strategy, detailing three development stages, the challenges of balancing security with user experience, risk pre‑emptive control, and privacy compliance, and introduces the AntDTX trusted middleware that integrates hardware and software for cloud‑edge collaborative risk mitigation.
This article outlines the current state of network security in China, the government's strong emphasis on it, the legal framework, the necessity of incident response, detailed emergency‑response procedures, Ziru's own security program, and three illustrative case studies including Log4j2, a 2021 drill, and a FastJson vulnerability.
The article outlines comprehensive quality‑assurance approaches for technical improvement projects—such as large‑scale refactoring, architecture upgrades, and migrations—by emphasizing risk‑driven planning, automated testing, business‑centric reviews, non‑functional requirement validation, and continuous knowledge sharing.
The article describes how Ant Group's AI visual anti‑fraud system, built by vision engineers, combats large‑scale QR‑code fraud targeting beverage bottle caps, detailing the black‑gray industry's tactics, the model's rapid detection capabilities, continuous unsupervised learning upgrades, and its broader applications in remote‑sensing and risk management.
The article summarizes Wei Yadong’s 2022 GDevOps Global Agile Operations Summit talk, covering the escalating threat landscape, financial industry security requirements, practical DevSecOps strategies, ICBC’s security transformation, and future trends such as security mesh, privacy‑enhancing computation, and decision intelligence.
The YoDA project tackles the growing entropy of Ant Financial's risk data platform by introducing white‑box visibility, logical abstraction, and integrated heterogeneous fusion, enabling systematic governance, cost reduction, and consistent decision‑making across online, offline, and near‑line environments.
This article examines the Capital One breach case and outlines a comprehensive six‑step framework for enterprises to develop, implement, and continuously improve security awareness training, covering legal foundations, project planning, material preparation, execution scheduling, performance tracking, and post‑training optimization.
This talk explains how to use semantic-driven captcha mechanisms to classify and manage trusted versus untrusted traffic, detailing anti‑fraud strategies, flow identification, countermeasures against simulator and protocol cracking, and proactive updates to stay ahead of black‑market attacks.
The article emphasizes that operations teams must treat data with reverence, outlining comprehensive backup strategies, routine file‑system maintenance, database and big‑data safeguards, disciplined release processes, and meticulous change‑management practices to mitigate risks and ensure system stability.
The article analyzes the rising threat of open‑source components, explains Software Composition Analysis (SCA) and SBOM generation, outlines the three‑stage process for building an in‑house SCA capability, discusses practical challenges such as data quality and integration, and looks ahead to future standards and open‑source tools.
This article explains Baidu's evolving inspection scheduling system for its smart mini‑programs, detailing the challenges of massive page volumes, the V1.0 offline architecture, the V2.0 real‑time enhancements, resource constraints, deduplication logic, and the measurable improvements in risk detection and ecosystem health.
This article presents a detailed overview of data security governance in China, covering policy milestones, major security incidents, current challenges, a three‑layer governance model, practical workflow steps, classification methods, emerging zero‑trust concepts, and real‑world case studies, offering actionable insights for organizations seeking robust data protection.
This article explains the importance of conducting full‑link load testing in production environments, outlines the evolution and solution architecture, describes key technologies such as traffic coloring, data isolation and risk control, and shares practical implementation steps and customer case studies from Alibaba.
The article outlines comprehensive quality assurance approaches for technical improvement projects, highlighting risk-driven processes, automated testing, business perspective integration, and the importance of addressing non‑functional requirements to ensure stable, reliable system upgrades.
This guide explains how to craft a test plan or strategy by weighing implementation, maintenance, and monetary costs against benefits and risks, offering practical questions, coverage considerations, tool choices, and process recommendations to help teams achieve optimal testing outcomes.
The article explains how business capability modeling provides a technology‑agnostic framework that aligns IT strategy with business goals, helps identify redundancies, manage risks, support mergers and innovation, and offers a four‑step method to build effective capability models.
The article outlines Ant Group's multi‑stage journey of building large‑scale distributed system stability, describing architectural evolutions, risk‑inspection mechanisms, high‑availability solutions such as LDC and fine‑grained traffic scheduling, and intelligent risk‑defense products that together enable resilient, cost‑effective operations.
The article explains the origins and four quadrants of technical debt, outlines its detrimental effects on software quality and maintainability, and offers practical approaches—including daily debt management, clear technical standards, continuous technology monitoring, visualization, and sustained investment—to identify, prioritize, and reduce technical debt in development teams.
This document presents Ant Financial's comprehensive coding standards covering concurrency control, idempotency, state management, object handling, SQL practices, time handling, exception safety, code quality, architecture design, middleware usage, data quality, production change procedures, emergency response, and client‑frontend considerations to ensure robust, secure, and maintainable backend systems.
This article examines how startups can harness massive pre‑trained AI models such as GPT‑3, outlining the historical context, benefits of transfer learning, the steep costs and data‑alignment challenges, and strategic considerations when using cloud APIs versus self‑hosting.
The article details China's new AI model risk governance regulations, the CAICT 2021 GOLF+ IT Governance Forum, Tongdun Technology's successful maturity assessment for financial gambling‑fraud risk models, and insights from executives on implementation challenges, benefits, and future plans.
China’s new AI model risk‑governance maturity assessment, unveiled at the 2021 GOLF+ IT New Governance Forum, showcases regulatory‑driven standards, highlights Du Xiaoman Financial’s successful evaluation, and outlines a comprehensive framework that enterprises can adopt to ensure safe, fair, and compliant AI deployments.
The jointly authored whitepaper by China Software Testing Center, National Information Center, and Ant Group introduces a data security composite governance model, detailing strategic, managerial, and technical dimensions, multi‑view security measurement, and practical implementation guidance for enterprises under the new data security law.
This article explains what technical debt is, why it matters, and provides practical guidance on avoiding blame, discussing risks, prioritizing work with techniques like delay cost and ICE/RICE, and implementing concrete strategies to allocate effort and reduce debt in software projects.
The article analyzes common reasons why defects escape testing and appear in production—ranging from missed test cases and environment differences to incomplete releases—and offers a step‑by‑step checklist of practices to improve testing, release processes, and risk mitigation.
This article surveys notorious software bugs—from payroll overpayments and Excel gene‑paper errors to the Ariane 5 launch failure and the 1983 Soviet nuclear alert—showing how coding mistakes can cause massive financial loss, endanger lives, and even threaten global security.
This article shares a senior CTO’s journey through Alibaba and Ant Group, detailing how commercial goals and technology co‑evolve, the pivotal architectural decisions, risk‑management practices, organizational design, and leadership principles that shape effective technology leadership.
This article explores core project‑management concepts—scope, time, cost, quality—and dives deep into the RACI model, the “Main R” role, risk sources, and practical strategies for balancing responsibility, communication, and risk control in software teams.
This article explains how the Business Model Canvas can be adapted into a Project Management Canvas for agile inception, detailing its nine modules, when to create it, how to interpret each module, and step‑by‑step guidance for building and continuously updating the canvas throughout a project's lifecycle.
This article introduces essential project management concepts, including the five process groups, demand review, risk identification, scheduling, and reporting, to help software developers improve coordination, communication, and overall efficiency in their development workflows.
This article presents a comprehensive Digital Transformation Framework (DTF) that defines digital concepts, outlines a reference model for modeling and pricing digital strategies, explains its building blocks, risk and economic evaluation, and demonstrates its integration with enterprise architecture and SAFe for effective business transformation.
The article details Youzan’s Return Shipping Fee insurance service, explaining its consumer and merchant benefits, end‑to‑end workflow, integrated risk‑control mechanisms, insurance‑product specifications, and a layered technical architecture—business, domain, component, and dependency services built with domain‑driven design—to enable scalable, reusable e‑commerce insurance solutions.
This article introduces a practical three‑question thinking framework and five guiding principles that help developers and product teams clarify goals, assess current status, and design effective implementation paths, ultimately improving productivity and reducing wasted effort.
This article explains the importance of software architecture, defines its evaluation process, outlines a step‑by‑step workflow, introduces common evaluation methods such as ATAM, ARID, and ADR, and discusses typical risks and mitigation strategies for successful architectural assessments.
This article shares practical experiences from building a zero‑to‑one information security management system for enterprises, outlining common security challenges, the role of such systems in risk governance, and detailed implementation approaches including security policies, penalty mechanisms, and management operations to achieve closed‑loop risk mitigation.
The article explains how eBay protects its global payment system using a graph‑neural‑network driven risk management framework called xFraud, which combines heterogeneous graph sampling, node‑type encoding, attention mechanisms and dynamic‑graph extensions to detect and explain both individual and organized fraud patterns in real‑time.
BytePush introduces a quality assurance platform that automates risk detection, streamlines QA and R&D collaboration through customizable cards, database ORM improvements, and a three‑stage evolution toward intelligent alerts, saving manpower and improving release quality.
This article outlines practical shell‑script guidelines for automating system and application operations, covering script header conventions, formatting, error handling, safe use of commands, variable handling, file packaging, pipeline restrictions, concurrency locks, logging, and risk‑mitigation strategies to make automation both efficient and secure.
The article explains the importance of conducting full‑link performance testing in production environments, outlines the evolution of testing stages, details key technologies such as traffic shading and data isolation, offers practical process recommendations, and shares real‑world case studies demonstrating cost savings and risk mitigation.
This article introduces the Digital Transformation Framework (DTF), detailing its definition, structure, digital stages, and how it can be used to model, price, and implement digital strategies across enterprises, integrating risk, financial metrics, and architectural considerations.
This case study details the massive traffic and rich interactive challenges faced by Kuaishou's 2021 New Year web event, analyzes resource download, host performance, and CDN dependencies, and presents tiered preloading, offline‑package splitting, dynamic animation degradation, and domain‑sharding solutions to ensure stability.
This article connects classic Chinese idioms to software testing concepts, explaining test purpose, policies, strategies, tool usage, risk management, and improvement practices through vivid examples and practical guidance for building more reliable testing processes.
Cybersecurity’s essence is examined from multiple angles—vulnerabilities, adversarial confrontation, trust assumptions, risk management, human awareness, cost considerations, and governance—highlighting that security is not a single concept but a composite of technical, managerial, and strategic layers embodied in the CIA triad.
This article details the front‑end team's approach to rapidly delivering a government‑backed digital RMB activity, covering project characteristics, pre‑delivery preparations, data flow aggregation, UI decoupling, risk‑control tactics, module loading, deployment layering, and lessons learned for maintaining high availability.
The article outlines how agile development improves software quality, enhances team collaboration, increases project transparency, reduces risk, accelerates growth, and enables more accurate project assessment, making it a comprehensive methodology for modern, user‑centric software projects.
This article reviews nine major data breach incidents—from Clearview AI to Yahoo—detailing their scope, compromised data types, and impact, and emphasizes the importance of robust security practices for developers to prevent such losses.
This guide walks through the full lifecycle of a cross‑team project—defining collaboration, outlining the five‑stage workflow, and detailing practical steps for kickoff, requirement review, task breakdown, technical review, communication, risk control, testing, acceptance, and common pitfalls—to help PMs deliver stable, high‑quality outcomes.
In February 2020, a core operations engineer at Micro-Alliance maliciously deleted the company's production databases, causing over ten billion yuan in market loss, massive user disruption, and a six‑year prison sentence, while highlighting broader industry risks and the need for stronger security controls.
In this reflective article, a former front‑end expert at Alibaba shares half a year of personal growth, detailing how he learned to challenge authority, improve mature technical systems, manage project risks, communicate effectively with product designers, and build professional credibility as a project manager.
This article explains how JD Cloud builds a multi‑layered, end‑to‑end security architecture—including five defense layers, four implementation stages, three guiding principles, and two key focuses—to protect high‑traffic e‑commerce events such as 618 and 11.11 from attacks and ensure stable, safe operations.
A project manager recounts how poor quality focus, insufficient team oversight, lack of design, uncontrolled requirement changes, and missing code reviews led to a disastrous rollout, and shares the corrective actions and key lessons to avoid similar failures in future software projects.
By incrementally routing module‑specific requests through Nginx to a new static front‑end while keeping backward‑compatible APIs, the Vivo Mall team transformed a monolithic 2015 platform into a fully separated architecture, achieving over tenfold front‑end release speed, doubled development efficiency, and a solid foundation for multi‑channel expansion.
This article walks through the complete design of a medical‑aesthetic consumer‑credit platform, covering market analysis, strategic positioning, business object definition, core process modeling, functional architecture, front‑end/back‑end interaction, prototype sketches, and key fintech terminology, offering a practical roadmap from concept to MVP.
This article explains the importance of security testing, outlines where to start, and details a step‑by‑step security testing workflow covering requirement analysis, static code scanning, third‑party component checks, data masking, permission checks, XSS, SQL injection, privilege escalation, file upload/download, server port scanning, and business‑specific test cases.
The article analyzes the 2012 Knight Capital Group disaster, showing how a manual deployment error, lingering legacy code, missing kill‑switch, and inadequate monitoring caused a $4.6 billion loss within 45 minutes, and extracts key DevOps best‑practice lessons to prevent similar failures.
Drawing from years of project experience, the author outlines ten common factors—ranging from unattainable goals to inexperienced managers—that consistently lead to project failure, and suggests that even a single misstep can doom a project.
This article expands on risk management by detailing practical methods for risk identification—such as silent brainstorming and risk breakdown structures—and presenting a combined "1‑2" approach, while also outlining sustainable risk monitoring mechanisms like daily briefs and a case‑library for agile teams.
The article explains Meituan's MySQL inspection framework, covering its design principles, three‑layer architecture, inspection items, automation workflow, and operational results that reduced hidden risks and improved database stability.
The article outlines the importance of defining security requirements within business context, presents the Security Requirements Vision (SRV) components, describes strategic security architecture principles, differentiates security governance, management and operations, and details formalizing security processes with ownership, documentation, integration, roles, and automation opportunities.
Xianyu mitigated lottery‑related financial loss by centralizing rights management, decoupling UI from business logic, and providing a unified SDK with simple draw APIs, while adding real‑time log backflow, comprehensive accounting and monitoring, cutting configuration time by over 50 % and eliminating UI‑only risk.
Facing unprecedented traffic during the 2020 618 shopping festival, JD Health’s product R&D team implemented comprehensive rehearsals, stress testing, architecture reviews, dual‑channel risk controls, and 24‑hour monitoring to ensure system stability and rapid response for its health‑care e‑commerce platforms.
This guide explains why companies outsource software testing, outlines key factors such as outsourcing models, geographic location, service agreements, flexibility, and quality improvement, and provides a step‑by‑step process for investigating, interacting with, and selecting the right testing service provider.
This article examines Meituan's custom rule engine Zeus, detailing the security challenges of a massive multi‑service platform, the architectural decisions made to decouple risk logic, the implementation of reusable factors and rule groups, and the ongoing push toward automated, intelligent risk mitigation.
This article explains core project‑management concepts—team collaboration, clear boundaries, effective communication, and risk handling—using football analogies to illustrate how project managers can lead multi‑disciplinary teams toward successful outcomes.
The article examines how project management and agile methodologies were applied to China’s nationwide COVID‑19 response, illustrating initiation, planning, execution, risk and stakeholder management, iterative delivery, transparency, and continuous improvement through concrete examples and a structured framework.
This article explains the anti‑fragility concept, illustrates how cloud‑based systems become increasingly vulnerable to unexpected events, and offers practical strategies—including risk reduction, choice diversification, proactive experimentation, and biologically inspired resilience—to transform operations and turn shocks into opportunities.
This article shares practical project‑management secrets from Alibaba Entertainment's PMO, outlining how to structure, coordinate, and execute massive online campaigns remotely by focusing on clear goals, right people, solid plans, effective mechanisms, and thorough retrospectives.
Yazan’s SaaS platform maintains 99.99% uptime through robust IaaS infrastructure, dedicated DBA and network teams, while defending against DDoS attacks and data breaches with ISO‑27001 and CSA C*STAR‑aligned security controls, employing multi‑cloud real‑time and cold backups and offering compensation for outage‑related business impacts.
After the Chinese New Year, Ant Financial’s senior product expert Zhang Wen shares a detailed account of his daily remote‑working routine, the communication and planning challenges posed by the pandemic, and the tools and processes his team adopted to maintain product delivery and collaboration.
The 2018 TSB bank migration disaster, which corrupted data for 13 million customers and cost billions, illustrates how inadequate testing, overly complex system integration, and poor change‑management practices can cripple banking IT operations and highlight the need for rigorous operational risk controls.
The Beijing High People’s Court’s landmark 2019 ruling in Digital Heaven v. Yuzu, China’s first GPL‑related lawsuit, rejected Yuzu’s claim that three HBuilder plugins were GPL‑bound derivatives, ordered RMB 710,000 damages, and highlighted both growing judicial recognition of the GPL and the need for companies to isolate, analyze, and manage open‑source components to avoid copyleft liability.
This article explains the concept of risk, outlines the five key elements of risk management, provides practical templates and examples for identifying and responding to common project risks, and shares a case study with actionable lessons for improving risk handling in agile development teams.
