Continuous Verification, AKA Just Doing DevOps

Thursday, January 14, 2021

There are several ironies about DevOps that can sometimes cause confusion or perhaps take attention away from what really matters. Take “Shift Security Left” for instance. Yes, it’s cheaper and safer to catch errors before they get into production and, yes, developers should take more responsibility for the quality and security of their code. No one …

Create a Web Application Security Blueprint

Monday, January 04, 2021

The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of “security blueprint” as part and parcel of how you work through …

Understanding the benefits of test management and BDD

Thursday, December 24, 2020

Teams have been testing software for as long as software has existed. With the increased adoption of continuous integration and delivery, automated tests are becoming essential. Behaviour-driven development (BDD) is a modern approach to developing software that grew out of Agile and test-driven development. Most teams/organisations can benefit from test management and BDD, but BDD …

CloudBees Launches Two New Software Delivery Management Modules

Thursday, December 17, 2020

During DevOps World 2020, attendees heard about CloudBees Software Delivery Management and its upcoming availability. Well, today we make good on that promise. CloudBees is excited to launch two new Software Delivery Management capabilities that help engineers balance their team’s time to maximize software delivery speed, predictability and overall health. CloudBees Software Delivery Management has removed the headache of …

Visualize Code with Software Architecture Diagrams

Thursday, December 10, 2020

The source code is the design. This famous motto means that no matter how many diagrams you draw and discuss with your colleagues, what matters is how the existing source code is actually structured. The need for visualizing code It is important to distinguish between the static view of code (how classes depend on each other in …

The Role of SAST in DevSecOps

Thursday, December 03, 2020

Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process. In figurative terms, we think of the software development lifecycle as a timeline, starting with the design on the left and the deployment (and post-deployment activities) on the right. …

Modularity Parable and Software

Thursday, November 26, 2020

In his seminal book, The Sciences of the Artificial, Herb Simon describes the parable of watchmakers named Hora and Tempus. They built watches out of 1000 parts. The watches were of the highest quality – as a result, they were often interrupted by customers calling up to place orders. However, they built watches using different techniques. Tempus …

Open-source Tools for Binary Analysis and Rewriting

Thursday, November 19, 2020

Unfortunately, binary-only software is unavoidable: dependencies of active software projects, firmware and applications distributed without source access, or simply old software whose developers are no longer drawing paychecks (or drawing breath). Consequently, binary analysis and rewriting are topics of perennial interest to security and software engineering researchers and practitioners. Binary analysis enables the review of …

When your brain can’t handle the complexity: NDepend and PostSharp

Thursday, November 12, 2020

The size and complexity of codebases have exploded in the last decade. What can you do when your codebase no longer fits your brain? In this article I’ll suggest two completely different tools: NDepend to visualize the code, and PostSharp to reduce its complexity. Since PostSharp is itself a complex codebase, we’ll use NDepend to …

What Makes Firmware Vulnerabilities So Deadly?

Tuesday, November 03, 2020

Simply put, firmware is low-level software usually stored in a near-silicon form (ROM, EEPROM, or flash memory) that is used during the initial steps of bootstrapping and starting up a computer, printer, or some other kind of electronic device. Alternatively, firmware may serve to drive device-level communications with other components in a computer or other …