Hello, I would think that LISP, MUMPS, Smalltalk, CLIPS are all examples of "generic" domain languages. I know some ERD freaks that would say SQL done...
Yes, I see language maintenance as a key point that we will be addressing in the next decade. When we look at the linguists and their specific expertise we...
I'd like to document some rakefiles with RDoc, but the task/file/rule rake-DSL doesn't seem to be RDoc-compatible. No big surprise, but... Does anyone know...
Topic: Software Security Lecture at NKU Gary McGraw, CTO of Cigital, Inc., a software security and quality consulting firm providing services to some of the...
... The reason the directions mention this is that the first floor of the BEP building consists of two disconnected halves. If you enter from the side of the...
We don't often have meetings to bash XP, but last night's Gary McGraw gave a great talk on Software security and delivered a few jabs at our beloved Agile...
my humble .02 I didn't make it to the talk last night unfortunately, but I came across something somewhat related at a client that kind of threw me for a loop...
I would think that refactoring redundant code out of the method in question would reduce the "Attack Surface Area." Thank you, Mark McFadden M Squared Web...
The rationale I think is that then that method would have to be somewhat visible for the code to utilize it so it becomes another entry point to potentially...
Methods or classes that have all-encompassing functionality and aren't DRY are hard to read and figure out what they are actually doing, and that makes them hard...
I agree. I just thought it was interesting that it was used as an excuse to not re-factor the code. I only meant it as an interesting anecdote (I thought so...
I think you're right. It's more of an excuse than logical reason. Any issue (security or otherwise) could be solved with a well thought out design. I wasn't...
Well, to be fair to Thomas' client, we haven't seen the code in question, nor rigorously tested the security impact of refactoring vs. not in that particular...
Hmmm... It's an interesting problem... On one hand you want to manage development issues (TDD, refactoring, etc.) and on the other security issues (attack ...
... LOL. "If you don't let me re-factor/use TDD, I will be unhappy and then I will hack your code..." Something I just thought of is the excuse I was given is...
I suspect you're right. You might look for articles pointing to how DRY improves security through maintainability. You might also try a real world metaphor....
Thomas, I agree with Paul in that you raised a good point and understood that you were not advocating your client's viewpoint. There is an interesting paper...
Hey thanks for this. I just briefly looked at it just now, I'll delve deeper into it later. I think the idea of "misuse stories" is a great idea. And something...
Excellent, exactly the kind of article that will help. In my opinion, you'll still need to frame Agile solutions in terms the client is familiar with. "I...
At the meeting after the meeting last night, Jim Weirich asked about a Mac tool to help visualize where disk consumption is occurring. I wrote about this on...
Well, I certainly do appreciate all the feedback. There's no question that there are lots of battles to choose from at this organization. I chose to go the...
... I presume these are the PCI data security standards. https://www.pcisecuritystandards.org/ ... Dynamic loading is a vulnerability, as it gives attackers...
I would like to explore this metaphor further... Wouldn't I just fix the locking mechanism (a bug) in the lock (code) and replace the 6 defective locks (via a...
... Again thanks for the help. I may have extrapolated this from the conversation(and maybe incorrectly). If I'm moving code in in such a way that it could be...
Looks like I missed out on a good discussion. With regards to the buggy software, I was thinking in terms of refactoring. So even though buggy software may...
You'd have to fix the defective mechanism in all six locks. That is, you'd have to fix the bug in six different places (via search and replace). This was...
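The "six defective locks" point above, as an added example in Ruby (this is illustrative code written for this page, not code from the thread or from the client's system). It assumes a hypothetical web application with six entry points that each copy-pasted the same path check; a fix for the ".." traversal bug was applied by search-and-replace and missed one copy. The refactored version routes all six entry points through one shared check, so there is exactly one place to fix and one place to audit.

```ruby
# Added illustration of the lock metaphor: six copies of a check vs. one shared check.
# Assumed, hypothetical application layout; the probe input is constructed for the example.
SAFE_ROOT = "/srv/app/public".freeze

# "Before": every handler carries its own copy of the validation.
# The bug fix (reject "..") was applied by search-and-replace to five copies.
# Handler index 2 was missed and still has the original check (leading "/" only).
DUPLICATED_HANDLERS = [
  ->(path) { !path.start_with?("/") && !path.include?("..") ? File.join(SAFE_ROOT, path) : nil },
  ->(path) { !path.start_with?("/") && !path.include?("..") ? File.join(SAFE_ROOT, path) : nil },
  ->(path) { !path.start_with?("/") ? File.join(SAFE_ROOT, path) : nil }, # defective lock
  ->(path) { !path.start_with?("/") && !path.include?("..") ? File.join(SAFE_ROOT, path) : nil },
  ->(path) { !path.start_with?("/") && !path.include?("..") ? File.join(SAFE_ROOT, path) : nil },
  ->(path) { !path.start_with?("/") && !path.include?("..") ? File.join(SAFE_ROOT, path) : nil },
].freeze

# "After": one shared check; fixing it once fixes every entry point.
def safe_relative_path?(path)
  !path.start_with?("/") && !path.include?("..")
end

REFACTORED_HANDLERS = Array.new(6) do
  ->(path) { safe_relative_path?(path) ? File.join(SAFE_ROOT, path) : nil }
end.freeze

# Probe every entry point with a traversal payload and return the indexes that
# still resolve a path (i.e. the locks that are still defective).
def unprotected_entry_points(handlers, probe = "../../etc/passwd")
  handlers.each_index.select { |i| !handlers[i].call(probe).nil? }
end

if __FILE__ == $PROGRAM_NAME
  puts "duplicated: #{unprotected_entry_points(DUPLICATED_HANDLERS).inspect}"
  puts "refactored: #{unprotected_entry_points(REFACTORED_HANDLERS).inspect}"
end
```

The probe routine is the part worth keeping: after any search-and-replace fix, run the same payload through every entry point rather than assuming the replace caught them all.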
That would be an excellent guide on how to approach security. Maybe we should all move to Norway to work with these guys! To be successful in terms of...
... Maybe a central authority and a watchdog process announcing access.[logging] I recall reading about TJMAXX getting hacked recently and it was the biggest ...