Archive for the 'Security metrics' Category

NSA Posts Secrets to Writing Secure Code – Write at 38 LOC Per Day
October 21, 2008
The National Security Agency has released a case study showing how to cost-effectively develop code with zero defects. If adopted widely, the practices advocated in the case study could help make commercial software programs more reliable and less vulnerable to attack, the researchers of the project conclude.
The case study is the write-up of an NSA-funded [...]

Metrics that Matter
November 9, 2007
Ask a wine maker if climate change is real. This year there will be no organic wine from Burgundy. All wine makers have had to spray to prevent mildew attacking vines. Australia will have one of the worst crops in decades and as a result prices of Australian wines will rise next year. Italy [...]

Count What Counts
November 9, 2007
Working at Microsoft can be hard. You have to force yourself to not get distracted by all the smart things that smart people are doing and saying. Last week I was sent a summary of an internal blog post by BillG talking about the business in general, ROI and metrics. As usual the summary was [...]

A Sneak Peek at Some Cool Software Security Tools
October 25, 2007
My last blog leads me neatly on to the good stuff. Joining a new company is like a poker game. They need to tell you enough to get you interested but not so much that, if you decide not to join, you could screw up their plans. I knew ACE had bits of cool stuff [...]

Marc Andreessen on Platforms
September 24, 2007
Marc’s post here is well worth a read.
Level 1 is what I call an “Access API”.
Level 2 is what I call a “Plug-In API”.
Level 3 is what I call a “Runtime Environment”.
The Oxygen Security Platform is actually likely to be a combination of all three!

Security Data Visualization Book
September 18, 2007
Just picked up from O’Reilly, a new book called Security Data Visualization. It looks to be very network security centric but I will check it out and post a review here.

This Metric Shows Behavioral Change
September 11, 2007
A week ago I posted that Metrics Should Change Behavior and used what I think is a clever play on statistics to demonstrate the art of positioning. You can see the video used here. Thinking about it a little more, it seems to me that a good metric should possess two qualities. The first [...]

Metrics Should Change Behaviour
September 4, 2007
A British University studied 1,050 rock stars and concluded:
European artists are twice as likely to die early as the rest of the population.
US rock stars died at an average age of forty two while European rock stars died at an average age of thirty five.
One in ten children in the UK aspire to be a rock [...]

The Future: Regulation is Futile – Market Forces Will Prevail
April 28, 2009
39,000 ft over yet another ocean …
I just watched an old Bill Joy talk from Ted 2006 via iTunes. Two key paraphrases struck me as prophetic.
“You can’t regulate the problem away”
“What we need is better networks”
In 2005 I did a series of public speaking events using a theme Naked security in which I stripped [...]