BSIMM's European Tour

Application security expert and Cigital CTO Dr. Gary McGraw is off to Europe this week to spread the gospel of the Building Security In Maturity Model (BSIMM). McGraw will be on the continent for a week, mostly in Germany and Switzerland.

McGraw is scheduled to speak to company developers during SAP's Quality Day today, in Mannheim, Germany. On March 16, he's off to Geneva to talk with the IT pros at CERN, and then to talk about how to start and evolve software security initiatives at the Cigital Europe Roundtable discussion. He'll also spend some time at Siemens, which is apparently taking a hard look at its security posture since Stuxnet, the first known malware that spies on and subverts industrial systems, struck last summer.

Posted by John K. Waters on March 14, 2011 | 0 comments


Third JRuby 1.6 Release Candidate Should Be the Last

The JRuby community announced this week the release of JRuby 1.6.0 RC3 -- and promised that this third release candidate would be the last.

"We are going to seriously try and make this our last RC before going final," the company wrote in the JRuby blog announcing the release. "Unless we find something devastatingly bad we will release 1.6.0 and then try and spin smaller point builds every 2-3 weeks to address reported problems."

Posted by John K. Waters on March 11, 2011 | 0 comments


Scrappy JetBrains Releases PhpStorm 2

I try not to let my fanboy tendencies leak into my coverage of tools and tech, but I have to admit to a fondness for JetBrains, the Prague-based maker of the venerable code-centric Java IDE, IntelliJ IDEA, one of the relatively few such tools to survive the Eclipse Juggernaut. (I've referred to the advent of Eclipse that way so often I thought it was time I capitalized the moniker.)

It's hard not to root for the scrappy survivor, and the company was scrappier than ever last month when Oracle announced that it would be dropping support for Ruby on Rails in the NetBeans IDE. The company tweeted: "We welcome all NetBeans users to start evaluating RubyMine as your new Ruby/Rails IDE! Expect some great news very soon on our pricing page!"

Posted by John K. Waters on February 28, 2011 | 1 comments


Democratizing the ESB Market

Whenever I talk with a company on a mission, my Spidey Sense starts tingling (or maybe that's just my iPhone on vibrate). But here's the thing about Talend's quest to "democratize the ESB market": It may be a marketing slogan, but it's one that clarifies, and that's depressingly rare.

"What we mean by democratization," said Pat Walsh, VP of marketing in Talend's new Application Integration Division, "is not only the attractive economics that open source products provide to our customers, but it's also about accessibility to users. Oftentimes these types of products can be complex and difficult to use, and we -- along with the open source community -- are making them easier to use."

Posted by John K. Waters on February 16, 2011 | 0 comments


Oracle Speaks Out on Java, One Year Later...Sort Of

On Tuesday, a bit more than a year after Oracle acquired Sun Microsystems, and with it the stewardship of Java, the database giant invited the public to a webcast that promised to provide a "state of the union address" on Java under Oracle's watch. But the company's fireside chat failed to address the hottest topics sparked during its first 12 months in that role.

During the webcast, dubbed "Java and Oracle, One Year Later," Justine Kestelyn, director of the Oracle Technology Network, tossed softball questions to Ajay Patel, vice president of product development for Oracle's application grid products group.

Patel emphasized that Oracle's goal is to drive Java adoption, make the platform more competitive, make it more relevant and make it more modular. "Things got stalled over the past couple of years," he said. They "came to a grinding halt… The community has been waiting to move the platform forward." The OpenJDK is the perfect way to do that, he insisted.

Posted by John K. Waters on February 15, 2011 | 0 comments


WebSphere Gen 7 Redefines Java Platforms

The recently published report from Forrester Research on the future of Java under Oracle is getting a lot of attention, as well it should. (We covered it in "Future of Java 'Constrained by Oracle's Business Model,' Analysts Say.") But another new Forrester report not in the spotlight shouldn't go unnoticed.

In "WebSphere 7 Reaffirms IBM's Java Platform Lead," Forrester analyst John R. Rymer (who co-authored the aforementioned paper) declares, "With the seventh generation of its WebSphere software, IBM redefines the state of the art in Java platforms."

Posted by John K. Waters on February 1, 2011 | 0 comments


Java Exploits Up in 2010, Cisco Says

Cisco Systems says Java vulnerabilities are now exploited more often than holes in Adobe's Acrobat and Reader applications.

The networking giant's 2010 Annual Security Report states that in January 2010, Java exploits accounted for only 1.5 percent of Web malware blocked by the company's ScanSafe software. By November, that number had jumped to 7 percent, Cisco says. Meanwhile, PDF exploits were declining. In January, they totaled just over 6 percent of Web malware blocked by ScanSafe, and by November that number had dropped to just 2 percent.

Posted by John K. Waters on February 1, 2011 | 1 comments


David I. Has His Head in the Cloud...

I wrapped up the working side of 2010 by catching up with one of my favorite software development gurus, David Intersimone, best known as "David I." He calls himself a "code junkie"; I'd call him a programmer's programmer. He worked for more than two decades at Borland, the company that invented the IDE; then CodeGear, the company that emerged from Borland's decision to shed its tools business; and he's now Vice President of developer relations and Chief Evangelist at Embarcadero Technologies.

We talked about a lot of stuff, including how he manages to get a seal on his scuba mask over that Dumbledore beard of his. But we eventually hunkered down on a topic that has been occupying him lately: developing for the cloud.

"I think we've made it through all these overloaded terms like software-as-a-service and mashups," Intersimone told me. "Now we're at the point where we can say, we've got clients and we've got servers, and in between them there are protocols and APIs. That's the real world."

The cloud is more or less a manifestation of that real world, he said, and it's improving the lives of developers by allowing them to employ the standards and the architectures they use when building desktop client-server multitier applications, with the added ability to deploy very rich clients "all over the place."

"It's so easy now to configure and provision an instance of a server, inside or outside the firewall," he said, "and then build all sorts of clients, including a simple HTML/JavaScript browser client, or a simple client built with Xcode and REST connectivity for the iPad or the iPhone, or with simple Java for Blackberry and Android, or Silverlight for Windows Phone 7."

Posted by John K. Waters on January 21, 2011 | 0 comments


New IOUG MySQL Council; Dueling Conferences

Here's a MySQL announcement that surprisingly didn't make the news last week: The Independent Oracle Users Group (IOUG) has just formed a new advisory group made up of MySQL community leaders and subject matter experts.

The membership roster of the new MySQL Council includes some prominent names in MySQL Land. Here's the list:

- Sarah Novotny, Blue Gecko
- Sheeri Cabral, PalominoDB
- Bradley Kuszmaul, Tokutek
- Giuseppe Maxia, Continuent
- Rob Wultsch, GoDaddy.com
- Matt Yonkovit, Percona

Posted by John K. Waters on January 18, 2011 | 1 comments