Archive for July, 2011

  • Importance of MISRA

    on Jul 26, 11 • by Alen Zukich • with No Comments

    Recently I was at our European partner advisory board. This is a session where we all get together and talk about the current market, the upcoming release and anything else to help our partners be more successful. For me, the most valuable sessions are those where we hear from the partners about what works and what doesn’t. This ranges from commercial issues to technical issues with the product. One very clear message from all the partners was that our MISRA support was a huge plus. Here in North America we have seen small pockets of adoption, but in

  • Electronic imports contain security threats

    on Jul 19, 11 • by Alen Zukich • with No Comments

    I read an interesting post on electronic imports that could contain security threats. I can only speak from the software perspective, but I can say that most customers I’ve dealt with usually integrate some sort of software security audit process with any 3rd-party integrator, and from my experience that means adopting static analysis. How many organizations are there that haven’t jumped on board with static analysis? Probably more than I can count. It would be very interesting to hear of some of the Armed Services and Intelligence cyber threats that the government has not publicly

  • He crossed the line–testing to development

    on Jul 12, 11 • by Patti Murphy • with 1 Comment

    Instead of fomenting dissent (that barely exists) in a brazen attempt to boost readership, I’m changing tactics to look at ways in which testing and development are complementary, beyond their common goal of releasing quality software products. What can I say? After my previous post, How developers drive testers nuts–let’s count the ways, I’m clearly getting less edgy. I approached our newest addition to the Klocwork development team, Michail Greshishchev. While he’s a new full-timer, Greshishchev is not a new face around here. The recent Carleton University engineering graduate did two co-op terms here–one in professional

  • New programs for software security

    on Jul 5, 11 • by Alen Zukich • with No Comments

    The U.S. Department of Homeland Security, in conjunction with the SANS Institute and Mitre, has been hard at work again. See the article. There are two new programs called the Common Weakness Risk Analysis Framework (CWRAF) and the Common Weakness Scoring System (CWSS). Using these two in conjunction will help users identify the most important weaknesses for their business. It will be interesting to see adoption in the upcoming weeks. In addition to CWRAF and CWSS, the 2011 CWE/SANS Top 25 list has been updated. There have been a number of position changes and a
