General Interest

Startup Lessons

Interacting with academia is an important part of what I do as CTO of Cigital. Though I have been known to lecture at Stanford, CMU, Cornell, Harvard, NC State, Purdue and a bunch of other places, I have a special place in my heart for the University of Virginia (where I studied Philosophy as an [...]

Top Eleven Reasons Why Top 10 (or Top 25) Lists Don’t Work

On January 12th, the CWE/SANS Top 25 Most Dangerous Programming Errors list was released. Sean Barnum (a Principal Consultant) participated in the creation of the list, and I did some off the record review myself (not for attribution). There are some important good things about top ten lists that are worthy of mention. The notion [...]

13 reasons for UML’s descent into darkness

My buddy Jim Menard sent me this link when we were talking about comments Don Rippert made about the futility of MDA. Don Rippert’s comments were (in summary) that by the time you got to any level of specificity in the model, the complexity of the models made them harder to follow than code. [...]

CMP (PC), 4(SP)

A recent discussion about the virtues of the Chief Programmer method motivated me to re-read “The Mythical Man-Month”. What a great book. I read it while on vacation and kept on saying to my wife “Why don’t they make all computer science and software engineering undergrads read this book?” When I came back, I asked [...]

The Inevitability of DIY

In the course of my career I have been involved in a fair number of startups. I’ve had pretty good luck, and most of them have been successful. One, however, was a complete failure. I refer to that experience as my DIY MBA. You can learn more from failure than you can from success. It [...]

My Reflections on Trust

I was a young Air Force lieutenant when Ken Thompson released his 1984 piece, Reflections on Trusting Trust. Assigned to a data center in the Pentagon, I was working on the B2 evaluation of Honeywell Multics with the fine folks at the National Computer Security Center and contributing some words to the growing Rainbow Series [...]

Welcome

Welcome to Cigital’s brand new software security and software quality blog. That’s right, after ranting and raving in other forums for over a decade, we’ve decided to take it to the Web. Let’s call this blog “Justice League.” We’re glad you’re here. It’s customary to start a blog with administrivia, and this one should be no [...]