On the Shoulders of Giants: Influential Books for Software Developers


May 16, 2014 By
Jamie Whitehouse
Shoulders of Giants

While there are many books I have read during my career as a software engineer, there are a handful that have been influential in my thinking. Here are my top 2 books for software developers. If you’ve read them before, you might want to read them again through the experience lens of your development career.

Continue reading...

Part 3: How Your Software Is Like a Car – Bad Parts Make for Bad Software


May 14, 2014 By
Wayne Jackson
Component Complexity

In part two of my blog ‘A Closer Look at Today’s Software Supply Chain’, I discussed why human-speed supply chain management can’t keep pace with today’s agile software development practices and why high quality software components are not simply a given. In this final segment, I will share a real world story on how thousands of organizations sourced one “bad part” named Bouncy Castle in 2013.

Continue reading...

4 Open Source Components You Need to Update Right Now


May 7, 2014 By
Brian Fox
Component Vulnerability Stats

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After doing a little industry research on downloads from the (Maven) Central Repository, I’m sitting here with my jaw hanging open. Over 46 million Java-based open source components containing known vulnerabilities were downloaded from the Central Repository in 2013*.

Continue reading...

Are OpenId and OAuth ‘Bleeding’?


By
Ryan Berg
OpenId and OAuth

Now that Heartbleed has become the new measuring stick for vulnerability disclosures, I have had several people ask me, “Is this OpenId/Oauth thing the next Heartbleed?” The long answer, as Run DMC once said, is “It’s Tricky, Tricky, Tricky, Tricky”. The TL/DR (too long/didn’t read) answer is “No”.

Continue reading...

Like a Good Holiday, the Verizon Breach Report is Here


May 2, 2014 By
Ryan Berg
Verizon Data Breach Report

Like a good holiday the Verizon 2014 Data Breach Investigation Report (DBIR) is something I look forward to every year. Now that I’ve had some office time to digest this, I figured no better time to share my thoughts. I am not going to cover all sections, but do want to highlight a few things that stuck out to me

Continue reading...

Part 2: How Your Software Is Like a Car – A Closer Look at Today’s Software Supply Chain


April 30, 2014 By
Wayne Jackson
Bill of Materials

In part one of my blog, It’s Just the Way Software is Made, I discussed the realities of how software is made, the birth of agile development, and the advent of component-based software development. Today, we will drive down the software supply chain to understand where your software has really coming from. I’ll also discuss why it’s important for us to instill high quality standards and governance policies in our “parts” ecosystem.

Continue reading...

The Nexus 2 Minute Challenge Video Series


April 29, 2014 By
Mark Miller
The Nexus 2 Minute Challenge

In March, Manfred Moser and I introduced the concept of a “Nexus 2 Minute Challenge“, where I would ask Manfred to accomplish a specific task in Nexus in less than 2 minutes. The series was an immediate hit with over 1300 views within the first month. Here’s the inaugural video, Enable Component Version Discovery, from […]

Continue reading...