Software Engineering

Post thumbnail

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines. First, the FDA has authorized two vaccines for emergency use. The review memoranda (Pfizer, Moderna) are all sorts of fascinating. As the kids say, TL;DR: both vaccines are safe and no…

Read More Vaccines

Post thumbnail

The Sonatype 2020 DevSecOps Community Survey is a really interesting report. Most interesting to me is the importance of effective communication, with both tools and human communication in developer happiness. But even more important is my belief that to reach developers Star Wars is better than Star Trek is confirmed. No bias there.

Read More Sonatype Report on DevSecOps

Post thumbnail

There’s an interesting new draft, Best Practices for IoT Security:What Does That Even Mean? It’s by Christopher Bellman and Paul C. van Oorschot. The abstract starts: “Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product…

Read More “Best Practices for IoT Security”

There’s an interesting article by Phil Bull, “Why you can ignore reviews of scientific code by commercial software developers“. It’s an interesting, generally convincing argument, with a couple of exceptions. (Also worth remembering: What We Can Learn From the Epic Failure of Google Flu Trends.) The first interesting point is the difference between production code…

Read More Code: science and production

Most of my time, I’m helping organizations develop the skills and discipline to build security in. We give the best advice available, and I recognize that we’re early in developing the science around how to build an SDL that works. That’s why I spend time working with academics who can objectively study what we’re working…

Read More SDL Article in CACM