…with software liability for a long time, and the people who will suffer will be the innovators and the startups, not the established companies.
Jennifer Granick, Black Hat USA 2015 Keynote, 2015-08-04, around minute 46:00
https://www.youtube.com/watch?v=Tjvw5fz_GuA
…about five years ago, Beshar said. Today, globally, about $2 billion worth of premiums have been sold. Most of that coverage is in the United States, but the market is growing substantially, he said.
http://wapo.st/1gcDU9i
Three-quarters of all government Web and mobile applications fail their initial security reviews.
CSO Online / Veracode, Jun 23, 2015
… and then they fix only 27% of the findings a year later.
http://www.csoonline.com/article/2939234/application-security/government-ranks-last-in-fixing-software-security-holes.html
…who is being intentionally obscure or wild of tongue we can say, "Be obscure clearly! Be wild of tongue in a way we can understand!"
• 19. Do not take shortcuts at the cost of clarity. Many shortcuts are self-defeating; they waste the reader's time instead of conserving it.
• 20. Avoid foreign languages. (Write in the standard language; reuse existing dependencies.)
• 21. Prefer the standard to the offbeat. Young writers will be drawn at every turn toward eccentricities in language.
…than this. The comments in BoringSSL headers can be extracted by a tool to produce documentation of a sort. (Although it could do with a make-over.) (Clang's formatting tool and its Vim integration are very helpful! It's been the biggest improvement in my code-editing experience in many years.)
First thing mentioned? Style cleanup.
https://www.imperialviolet.org/2015/10/17/boringssl.html
Type of crime or severity not well measured. Read on:
http://cebcp.org/evidence-based-policing/what-works-in-policing/research-evidence-review/broken-windows-policing/
Smaller diffs
• Fewer merge conflicts
• Faster bug detection
• Faster onboarding
• Side effect: simpler code.
• Easier to read for everyone, including security reviewers.
…application
The CIOs surveyed named the top 3 common information system vulnerabilities as being related to application security (55%), security awareness (51%), and, perhaps most surprisingly, out-of-date security patches (50%).
http://www.information-age.com/industry/software/123459579/why-your-business-cant-afford-not-patch 2015-06-02
…applications.
Love it for the OS* and application patches*
Operations typically doesn't like deployment ever, OS or application.*
Developers love continuous deployment, but don't care about security or operations.*
* Your experience may differ
…code meant to be read
Write code meant to be read in a diff
• Filter out the dumb stuff before deploy
• Deploy small chunks, regularly
• Make security visible
• Watch what happens