BSIMM3 Continues To Add Real-World Data to Security Maturity Model

The intrepid trio of app security mavens who decided back in 2009 that it was about time the world had a set of best practices for developing and growing an enterprise-wide software security program based on actual data has unveiled the third version of their innovative Building Security In Maturity Model (BSIMM).

A "maturity model" describes the capability of an organization's processes in a range of areas, from software engineering to personnel management. The Capability Maturity Model (CMM) is a well-known example from software engineering. The BSIMM (pronounced "bee-simm") is the first maturity model for security initiatives created entirely from real-world data.


Posted by John K. Waters on September 30, 2011 | 0 comments


Dart: Google Won't Comment, Analysts Weigh in on Possible JavaScript Replacement

Google is keeping mum on its plans to unveil another new programming language at its upcoming GoTo Conference in Denmark next month, but the buzz is already starting to hurt my ears. The language is called "Dart" (formerly "Dash"), and the conference Web site describes it as "a new programming language for structured web programming." Google's PR rep, Lily Lin, gave me a polite brush off in an e-mail, referring me to the opening keynote presentation at GoTo, during which Google engineers Lars Bak and Gilad Bracha will host Dart's debut.


Posted by John K. Waters on September 15, 2011 | 0 comments


Former Apache Exec's New Gig: Function(x)

Geir Magnusson, Jr., the former Apache Software Foundation board member and representative on the Executive Committee of the Java Community Process, has left his position as CTO of Gilt.com to become CTO of a new company launched by entertainment entrepreneur and "American Idol" backer Robert F.X. Sillerman. The company is called Function(x) (pronounced "function ecks," not "function of ecks," you math geeks), and its broadly stated mission is to "establish a new platform for investments in media and entertainment with a particular emphasis on digital and mobile technology."


Posted by John K. Waters on September 9, 2011 | 0 comments


The PaaS Wars Heat Up at Dreamforce

This year's Dreamforce event was ginormous. Salesforce.com took over all three wings of the Moscone Center in San Francisco for a week and even closed down a block of Howard Street to accommodate the wanderings of the 45,000 registered attendees. The entire exhibit area of one wing was set up for CEO Marc Benioff's keynote opener, and they still had overflow traffic going into another room to watch the keynote on monitors.


Posted by John K. Waters on September 2, 2011 | 0 comments


eXo's On-Ramp to VMware Cloud Foundry

Developers deploying Java applications to VMware's new Cloud Foundry Platform-as-a-Service (PaaS) have yet another way to get there. eXo, the French company best known for its GateIn-based enterprise Java portal, has added Cloud Foundry to the growing list of PaaS systems supported by its new Cloud IDE development tool.

The company is billing the eXo Cloud IDE as the industry's only cloud-based integrated development environment. It provides codederos with a multi-tenant, hosted dev space designed to enable the collaborative building of apps based on Java, Groovy, Spring, PHP, Ruby and HTML, among others. And the apps you build with it can be deployed directly to a PaaS environment.


Posted by John K. Waters on August 25, 2011 | 0 comments


Gorilla Logic Reloads FlexMonkey with Major Changes

The advanced primates over at Gorilla Logic have been working those opposable thumbs overtime recently. The results: FlexMonkey 5, a revamped version of the company's flagship open source automated testing tool for Adobe Flex and AIR. The company is calling this release "a major re-write" of the core open source tool that was driven by real-world feedback from the FlexMonkey community and Gorilla Logic's customers.

"We'd evolved the platform tremendously, and with [version] 4.19 we really hit our stride," Gorilla Logic's VP of engineering, Ed Schwarz, told me, "but we also got a lot of feedback about some aspects of it, and we realized that if we were going to take FlexMonkey to the next level, we had to do a bottom-to-top review and come out with a brand new version."

That version, code named "FlexMonkey Reloaded," had been in beta since the beginning of the year. It became the platform's main code base as of August 1.


Posted by John K. Waters on August 24, 2011 | 0 comments


Scala Creator Odersky on Java 7: Higher-Level Parallelism

There's a lot that's new in Oracle's recent release of the Java Platform Standard Edition 7 (Java SE 7), but for Martin Odersky and much of the Scala community, this release is all about its updated concurrency infrastructure -- the new Fork/Join Framework in particular, which was actually part of the JSR-166 concurrent utilities that didn't make it into Java 5 or 6. "This will no doubt further improve the performance of Scala's higher-level parallelism construct," he said in a released statement, "including its parallel collections and actors."

I recently talked with Odersky while he was in Lausanne, Switzerland, where much of the development for his company, Typesafe, takes place. The months-old commercial startup behind the open source Scala project, which Odersky created, and the open source Akka event-driven middleware framework, maintains its official headquarters in Cambridge, Mass.


Posted by John K. Waters on August 16, 2011 | 5 comments


David I: Do Labels Limit Developer Creativity?

My inbox is positively billowing with press releases, product announcements and marketing department communiqués about the cloud. A quick keyword search of last week's pile alone turned up 400 electronic missives containing "cloud," 175 of which contained "cloud application."

Navigating this e-mail thunderhead put me in mind of a conversation I had with David Intersimone earlier this year. Intersimone is vice president of developer relations and chief evangelist for tool maker Embarcadero Technologies. Better known as David I, he worked for more than two decades at Borland, the company that invented the IDE, then CodeGear, the company that emerged from Borland's decision to shed its tools business. I caught up with my favorite programming guru during his latest trip down under to visit the Australia Delphi Users Group (and to get in a bit of scuba diving).


Posted by John K. Waters on August 12, 2011 | 1 comment


New Java PaaS for Private Clouds, Backed by Father of Java

Java Platform-as-a-Service (PaaS) startup CumuLogic has released a public beta of its flagship offering of the same name, which provides application infrastructure software for enterprises, cloud providers and ISVs building and managing Java PaaS in public, private and hybrid cloud environments. The CumuLogic solution is essentially a platform for developing and deploying Java applications in any type of cloud environment.

The CumuLogic PaaS software is designed to provide support for multiple clouds, which makes it possible to support clouds from different vendors at the same time. It currently supports EC2, Cloud.com, Eucalyptus and VMware. The company also expects to add OpenStack to that list soon.

Posted by John K. Waters on August 10, 2011 | 0 comments