
Continuous Verification, AKA Just Doing DevOps
There are several ironies about DevOps that can sometimes cause confusion or perhaps take attention away from what really matters. Take “Shift Security Left” for instance. Yes, it’s cheaper and safer to catch errors before they get into production and, yes, developers should take more responsibility for the quality and security of their code. No one …

Create a Web Application Security Blueprint
The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of “security blueprint” as part and parcel of how you work through …

Understanding the benefits of test management and BDD
Teams have been testing software for as long as software has existed. With the increased adoption of continuous integration and delivery, automated tests are becoming essential. Behaviour-driven development (BDD) is a modern approach to developing software that grew out of Agile and test-driven development. Most teams/organisations can benefit from test management and BDD, but BDD …

CloudBees Launches Two New Software Delivery Management Modules
During DevOps World 2020, attendees heard about CloudBees Software Delivery Management and its upcoming availability. Well, today we make good on that promise. CloudBees is excited to launch two new Software Delivery Management capabilities that help engineers balance their team’s time to maximize software delivery speed, predictability and overall health. CloudBees Software Delivery Management has removed the headache of …

Visualize Code with Software Architecture Diagrams
The source code is the design. This famous motto means that no matter how many diagrams you draw and discuss with your colleagues, what matters is how the existing source code is actually structured.
The need for visualizing code
It is important to distinguish between the static view of code (how classes depend on each other in …

The Role of SAST in DevSecOps
Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process. In figurative terms, we think of the software development lifecycle as a timeline, starting with the design on the left and the deployment (and post-deployment activities) on the right. …

Modularity Parable and Software
In his seminal book, The Sciences of the Artificial, Herb Simon describes the parable of watchmakers named Hora and Tempus. They built watches out of 1000 parts. The watches were of the highest quality – as a result, they were often interrupted by customers calling up to place orders. However, they built watches using different techniques. Tempus …

Open-source Tools for Binary Analysis and Rewriting
Unfortunately, binary-only software is unavoidable: dependencies of active software projects, firmware and applications distributed without source access, or simply old software whose developers are no longer drawing paychecks (or drawing breath). Consequently, binary analysis and rewriting are topics of perennial interest to security and software engineering researchers and practitioners. Binary analysis enables the review of …

When your brain can’t handle the complexity: NDepend and PostSharp
The size and complexity of codebases have exploded in the last decade. What can you do when your codebase no longer fits your brain? In this article I’ll suggest two completely different tools: NDepend to visualize the code, and PostSharp to reduce its complexity. Since PostSharp is itself a complex codebase, we’ll use NDepend to …

What Makes Firmware Vulnerabilities So Deadly?
Simply put, firmware is low-level software usually stored in a near-silicon form (ROM, EEPROM, or flash memory) that is used during the initial steps of bootstrapping and starting up a computer, printer, or some other kind of electronic device. Alternatively, firmware may serve to drive device-level communications with other components in a computer or other …