January 31, 2009
January 13, 2009
The NSA, together with SANS and MITRE and with contributions from, among others:
- Aspect Security
- iDefense Labs at VeriSign
- Oracle Corporation
- Red Hat Inc.
- Fortify Software
- Breach Security
- Security Division of EMC Corporation
- Apple Product Security
- Department of Homeland Security (DHS) National Cyber Security Division
have published a list of the 25 most dangerous programming errors: the mistakes that lead to security bugs and that enable cyber espionage and cyber crime.
Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale.
These Top 25 errors are divided into three categories:
- Insecure Interaction Between Components (9 errors)
- Risky Resource Management (9 errors)
- Porous Defenses (7 errors)
The list is to be updated regularly and augmented with resources to help prevent these errors.
Full article here: http://www.sans.org/top25errors/
Full list here: http://cwe.mitre.org/top25/
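As an added illustration (not part of the original post, and not code from SANS or MITRE), here are two of the errors on the 2009 list, one from each of the first two categories, each shown in its vulnerable form beside a corrected one: SQL injection (CWE-89, Insecure Interaction Between Components) and path traversal (CWE-22, Risky Resource Management). The user table, the `/srv/files` base directory and all function names are constructed for this example.

```python
"""Two entries from the 2009 CWE/SANS Top 25, vulnerable and fixed.

Added illustration; not code from the original post, SANS or MITRE.
The user table, paths and all names here are constructed for the example.
"""
import os
import sqlite3


def make_db():
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


# Insecure Interaction Between Components: SQL injection (CWE-89).
def lookup_vulnerable(conn, name):
    """Query text built by concatenation: the input becomes part of the SQL."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_safe(conn, name):
    """Same query with a bound parameter: the input is only ever data."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


# Risky Resource Management: path traversal (CWE-22).
def open_vulnerable_path(base_dir, user_path):
    """Joins untrusted input under base_dir with no containment check."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def resolve_within(base_dir, user_path):
    """Resolved path if it stays inside base_dir (symlinks followed), else None."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def safe_path(base_dir, user_path):
    """Refuses any input that resolves outside base_dir."""
    target = resolve_within(base_dir, user_path)
    if target is None:
        raise ValueError("path escapes base directory: %r" % user_path)
    return target


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))   # every row
    print("safe:      ", lookup_safe(db, payload))         # no rows
    print("vulnerable:", open_vulnerable_path("/srv/files", "../../etc/passwd"))
    try:
        safe_path("/srv/files", "../../etc/passwd")
    except ValueError as err:
        print("rejected:", err)
```

The injection payload turns the concatenated `WHERE` clause into `name = '' OR '1'='1'`, which matches every row; the bound parameter never reaches the SQL parser. The path check resolves symlinks before comparing, so a link inside the base directory that points outside it is caught as well as a plain `..` sequence.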
January 11, 2009
- I was sorting out family photos
- I came across pictures from last Christmas
- Some of them were of my cat
- I was weak
January 11, 2009
What can the project do for you?
First up we have a bunch of items along the lines of “I expect — maybe demand — that management will provide me with…”
- Two monitors
- A fast PC with a crapload of RAM
- Choice of mouse and keyboard
- A comfortable chair
- Quiet working conditions
- Unlimited Internet access
- Freedom to install software
- The best software
- Good coffee
- Sensible working hours
- Separate environments for dev, QA and production
What can you do for the project?
But it’s not all “take take take”.
The other side of the equation is a set of items along the lines of “I am committed to ensuring that these practices are performed…”
- Source Control
- Continuous integration
- Track bugs
- Unit testing
- Code analysis
- Continual peer review
- Peer training
- Keep yourself up to date
- Learn to communicate with non-technical people
January 5, 2009
So much of what I read is on the Internet these days. Actually almost all now I think about it, and a huge percentage of that is fed, blogged, tweeted, aggregated, dugg, posted etc. Somehow reading a book (and I mean a novel here) has become a luxury activity. It’s almost a secret guilty pleasure, selfishly consuming something just for me in a completely non-interactive, non-collaborative and very non-web-2.0 way.
My novel reading rate has slowed right down. A couple of pages every other day. I’ve become like Charlie Bucket, eking out my bar of Wonka’s Fudge Mallow Whipple Scrumptious Delight one tiny, tongue-tingling morsel at a time.
Getting into and then through a whole novel is quite an investment, both emotionally and in terms of time, so I’ve become much more picky about which novels I read. I’m so used to skim-reading hypertext, flitting from blog to feed to wiki, two or three threads at a time, both monitors flashing. As a result the slow, single-focused, total immersion, the suspension not only of disbelief but of the whole world around me, required to get into and out of a good session of novel reading is quite a wrench.
At the moment I’m reading Anathem by Neal Stephenson and by God it’s good, but still I’m pacing myself, determined not to guzzle it down and dreading the real sense of loss, bereavement even, when it’s gone.