Software Quality
Scrap Static Tools, just “Fix your code”?
Recently, Gary and I collaborated on an InformIT article on static analysis. you will find our observations regarding static analysis shared by others. It’s encouraging to note that Flash Sheridan observes many of the same difficulties and more formally treats them in his ISSRE ’10 publication. It’s worth a read. A few commentators shared some [...]
QA and Security: It’s not about exploits
This is a guest post from Paco Hope, Technical Manager at Cigital. I read a blog entry about “re-aligning training expectations for QA.” It has some useful points that both developers and so-called “security people” need to hear. I disagree with some implicit biases, however, and I think we need to get past some stereotypes [...]
Sharing architecture ideas with the community
We’re pleased to have a guest blogger for this Justice League entry. Michael Cohen is a Senior Security Consultant at Cigital where he is responsible for leading, assessing, architecting and implementing secure software for Fortune 500 companies. Michael also works with Cigital teams on enterprise-wide security solutions intended to improve an organization’s security posture and [...]
Janus
I was part of a panel at a university recently speaking to prospective computer science students. The panel members were from industry — a few of the biggest companies and few smaller ones. We each had ten minutes to speak before QA, so I stripped my talk down to two simple points. The first point [...]
My Reflections on Trust
I was a young Air Force lieutenant when Ken Thompson released his 1984 piece, Reflections on Trusting Trust. Assigned to a data center in the Pentagon, I was working on the B2 evaluation of Honeywell Multics with the fine folks at the National Computer Security Center and contributing some words to the growing Rainbow Series [...]
I Hate to Admit It, but Those Network Guys Are Pretty Smart
I am strong advocate of service oriented architectures. I have seen them work—not in theory, not in demonstration, but in real, deployed, mission critical applications. In sitting down to write this blog entry I was going to do yet another “SOA – Hype vs. Reality” essay. I’ve written a lot of these over the past [...]
