Professional, Intermediate, Novice User Guide for all of Us

19 Deadly Sins

August 22nd, 2008 chris

About 95 percent of software security bugs come from 19 “common, well-understood” programming mistakes, also called the 19 Deadly Sins of Software Security. They are the following:

  1. Buffer Overruns
  2. Format String Problems
  3. Integer Overflows
  4. SQL Injection
  5. Command Injection
  6. Failing to Handle Errors
  7. Cross-Site Scripting
  8. Failing to Protect Network Traffic
  9. Use of Magic URLs and Hidden Form Fields
  10. Improper Use of SSL and TLS
  11. Use of Weak Password-Based Systems
  12. Failing to Store and Protect Data Securely
  13. Information Leakage
  14. Improper File Access
  15. Trusting Network Name Resolution
  16. Race Conditions
  17. Unauthenticated Key Exchange
  18. Cryptographically Strong Random Numbers
  19. Poor Usability
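To make one of the sins concrete, here is an added example (not part of the original post) showing sin 4, SQL Injection, in Python against an in-memory SQLite table. The table, its rows and the lookup functions are constructed for this illustration. The vulnerable lookup splices the untrusted value into the SQL text, so a value containing quote characters is interpreted as SQL syntax and turns a single-row lookup into a whole-table read; the hardened lookup binds the value as a parameter, so the same input simply matches no row.

```python
import sqlite3


def build_db():
    """Constructed sample data: a tiny users table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Sin 4 as written: the caller-supplied value becomes part of the SQL text.

    Anything the caller puts in `name` is parsed as SQL, so quote characters
    let the input change the WHERE clause instead of just being compared to it.
    """
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened form: the value travels as a bound parameter.

    The SQL text is a fixed string; the driver passes `name` to the engine as
    data, so it can only ever be compared against the column, never parsed.
    """
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Return the two behaviours side by side for the same inputs."""
    conn = build_db()
    benign = "bob"
    # Constructed hostile input: closes the quoted literal and adds an always-true clause.
    hostile = "' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),  # every row leaks
        "safe_benign": lookup_safe(conn, benign),
        "safe_hostile": lookup_safe(conn, hostile),  # no such user: empty result
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The defensive rule the example illustrates is that SQL text and user data must never be concatenated: use the driver's parameter binding (the `?` placeholder in `sqlite3`) or an ORM that does it for you, and treat any string-built query found in review as a finding regardless of how the input is currently validated.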

An Integrated Approach to Development - CMMI

August 22nd, 2008 chris

Capability Maturity Model Integration (CMMI) is the integrated approach to process and product development. Over the past several years, numerous Capability Maturity Models (CMMs) have been developed. Software engineering, systems engineering, integrated teams, risk management, and acquisition each had its own model. So industry and government collaborated to establish one model with common terminology, common appraisal methods, and common disciplines.

CMMI, although a collection of multiple models, is most closely associated with the Software and Systems Engineering Models. Therefore, it has been adopted primarily by software development organizations. The model is not prescriptive, but is a collection of best practices that, when interpreted in a specific organization, imply a quality product. There is no guarantee of quality but there is an expectation of product quality as it relates to performance.

Bring Me Back Home

August 21st, 2008 chris

Have you been inside a gigantic mall with a lot of passageways leading to other sections of the establishment? Did you feel like the Athenian hero Theseus inside the Labyrinth, lost? Well, do not let that happen to your users when they are already deep inside your site.

Follow these guidelines to bring them back home:

  1. Tell users where they have arrived and how they can proceed to other parts of the site by including these three design elements on every page:

    • Company name or logo in upper left corner

    • Direct, one-click link to the homepage

    • Search (preferably in the upper right corner)

  2. Orient the user to the rest of the site. If the site has a hierarchical information architecture, the best way to do this is usually a “breadcrumb trail”: links that indicate the user’s current location in the context of the site’s hierarchy and allow users to backtrack or move up the hierarchy. Also include links to other resources that are directly relevant to the current location, but don’t flood the user with links to all site areas or to unrelated pages.

  3. Don’t assume that users have followed a drill-down path to arrive at the current page. They may have taken a different path than what you intended and not have seen information that was contained on higher-level pages.

Three Choices in Design

August 21st, 2008 chris

There are three types of design you can follow when building your site or user interface. They are the following:

  1. Standard: Eighty percent or more of Web sites use the same design approach. Users strongly expect standard elements to work a certain way when they visit a new site because that’s how things almost always work.
  2. Convention: About 50 to 79 percent of Websites use the same design approach. Users expect conventional elements to work a certain way when they visit a new site because that’s how things usually work.
  3. Confusion: With these elements, no single design approach dominates, and even the most popular approach is used by less than half of Web sites. For such design elements, users don’t know what to expect when they visit a new site.

Choose at your own risk.

Standards are Standard in Design

August 21st, 2008 chris

Standards are very important in design, especially in the digital world today. They ensure that users:

  1. Know what features to expect
  2. Know how these features will look in the interface
  3. Know where to find these features on the site and on the page
  4. Know how to operate each feature to achieve their goal
  5. Don’t need to ponder the meaning of unknown design elements
  6. Don’t miss important features because they overlook a design element that is not standard
  7. Don’t get nasty surprises when something doesn’t work as expected

Alien Nation - Users and Developers

August 21st, 2008 chris

Users and developers are typically from different worlds, may even speak different languages, and have different backgrounds, motivations, and objectives. The communication gap between users and developers accounts for the fact that understanding user needs remains one of our largest problems.

The problems are the following:

  1. Users do not know what they want, or they know what they want but cannot articulate it.
  2. Users think they know what they want until developers give them what they said they wanted.
  3. Analysts think they understand user problems better than users do.
  4. Everybody believes everybody else is politically motivated.

The solution:

  1. Recognize and appreciate the user as domain expert; try alternative communication and elicitation techniques.
  2. Provide alternative elicitation techniques earlier: storyboarding, role playing, throwaway prototypes, and so on.
  3. Put the analyst in the user’s place. Try role playing for an hour or a day.
  4. Politics is part of human nature, so let’s get on with the program.

The Real Goal of Software Development

August 21st, 2008 chris

Thousands of software development teams worldwide are engaged right now in developing widely different software applications in widely different industries. But although we work in different industries and speak and write in different languages, we all work with the same technologies, we read the same magazines, we went to the same schools, and fortunately, we have the same clear goal:

“To develop quality software on time and on budget that meets customers’ real needs”

Organization Benefits of ITIL

August 20th, 2008 chris

There are five benefits that your organization will get from ITIL:

  1. The IT organization develops a clearer structure, becomes more efficient, and more focused on the corporate objectives.
  2. The IT organization is more in control of the infrastructure and services it has responsibilities for, and changes become easier to manage.
  3. An effective process structure provides a framework for the effective outsourcing of elements of the IT services.
  4. Following the ITIL best practices encourages a cultural change towards providing service, and supports the introduction of quality management systems based on the ISO 9000 series or on BS15000.
  5. ITIL provides a coherent frame of reference for internal communication and communication with suppliers, and for the standardization and identification of procedures.

Customer Benefits of ITIL

August 20th, 2008 chris

There are three benefits that your customer will get from ITIL:

  1. The provision of IT services becomes more customer-focused and agreements about service quality improve the relationship.
  2. The services are described better, in customer language, and in more appropriate detail.
  3. The quality, availability, reliability and cost of the services are managed better.

A Library in the Information Age - ITIL

August 20th, 2008 chris

The IT Infrastructure Library (ITIL) was developed in recognition of the fact that organizations are becoming increasingly dependent on IT to fulfill their corporate objectives. This increasing dependence has resulted in a growing need for IT services of a quality corresponding to the objectives of the business, and which meet the requirements and expectations of the customer. Over the years, the emphasis has shifted from the development of IT applications to the management of IT services. An IT application only contributes to realizing corporate objectives if the system is available to users and, in the event of a fault or necessary modifications, it is supported by maintenance and operational management.