Systems Integration

Aug 26 2010

Secure Development - Introduction to SAMM

Over the course of the next several months, this blog will explore the Software Assurance Maturity Model (SAMM) in detail. Last time, we talked about some of the many methodologies for integrating secure practices into the development cycle, but in the interest of keeping it simple we will be focusing on SAMM going forward.

First, a quick introduction to SAMM: according to its creators, SAMM is "an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization." The model is based on the following three premises, which ensure that it is realistic and flexible:


Aug 16 2010

Secure Development Methodologies Overview

Over the last few months, this blog series has focused on the technical details of integrating security during the development phase. While this is the most critical phase, where the proverbial rubber meets the road, developers alone cannot bear the burden of producing secure code. To achieve robust security, it must be integrated into the whole software development lifecycle, from requirements to testing and beyond.

There has been a lot of work in this space recently. This post will attempt to give an overview of the various methodologies and approaches, but it is not designed to be an exhaustive list (and is shown in no particular order).


Jul 27 2010

Secure Development - Web Application Top 10 Summary

Since I started this series several months ago, OWASP has released its final version of its latest and greatest Top 10 list for 2010. In today's post, we will use this list to summarize the vulnerabilities covered so far and briefly talk about some of the new additions. For most of these, I have simply linked the title of the vulnerability to the corresponding post in my blog series.


Jul 23 2010

Content Migration: High-Level Planning

To read the introduction to this blog series, click... Content Migration for Enterprise Portals: Almost as much fun as moving

“How much stuff do we have?  How should we estimate that?”

“Should we just get a U-Haul and move ourselves, or do we need a professional carrier?”

“How long will it be between boxing up our belongings and being able to unpack them? What do we need access to during that period?”

These are just a few of the many questions that must be answered as you decide how to execute a move.  Each has a parallel encountered during the initial stages of content migration planning.


Jul 23 2010

Content Migration for Enterprise Portals: Almost as fun as moving

I recently lived the joy of a multi-step interstate move that included professional packing, multiple trucks, and a month of storage between moving out and moving in.  As my wife and I continue to wade through the remnants of unpacking, I’ve taken some time to look back and contemplate what we might have done differently to make it a more pleasant and efficient process.  (NB:  Our movers, Hilldrup Moving & Storage, were excellent and I highly recommend them.  Even still, I doubt many will argue with this universal point: moving stinks.)  While pondering the lessons we learned, it dawned on me how the moving process can serve as a useful analogy for a similarly intimidating challenge in the enterprise portal realm: content migration. 


Disclaimer

The words and opinions expressed here are those of each article's respective author, and do not necessarily represent the views of CapTech Ventures.