Latest BSIMM Report: Security for DevOps and CI/CD Becomes a Priority

Enterprises are adapting their software security efforts to support DevOps as CI/CD instrumentation and operations orchestration have become standard components of organizations' software security initiatives. That's one of the insights from the latest Building Security In Maturity Model (BSIMM) report from Synopsys.

First published in 2009, the BSIMM is the result of a multiyear study of real-world software security initiatives (SSIs). It was developed to provide a "fact-based" set of best practices for developing and growing an enterprise-wide software security program. That set of practices was the first maturity model for security initiatives created entirely from real-world data. The latest BSIMM is available for download now.

Posted by John K. Waters on September 15, 2020


Our First Podcast Features "Hope Speech" Researcher Ashique KhudaBukhsh

We finally dipped our quarantined toes into the ever-widening podcast ocean last week, because we just didn't have enough to do around here. But seriously, after more than two decades on this beat, it really seemed like the right time to start sharing some of the amazing conversations I get to have on a daily basis with the brilliant and inventive people driving high tech.

We were lucky to have as our first guest Ashique KhudaBukhsh, a project scientist in the School of Computer Science at Carnegie Mellon University's Language Technologies Institute (LTI). I met Ashique in January, when he was still a post-doctoral researcher. I stumbled upon one of his team's published papers, and I called him to talk about what they were up to. That conversation led to two stories in ADTmag's sister publication, Pure AI.

Posted by John K. Waters on September 3, 2020


GitHub's Ruby 2.7 Upgrade Journey

GitHub's upgrade this year to Ruby 2.7 was a massive, months-long undertaking that required a serious investment in engineering resources and time. The team maintaining the popular Microsoft-owned code-hosting-and-collaboration platform recently shared some of the details of that transition, which, among other things, required that they fix more than 11,000 warnings.

"Fixing that many warnings, some of which were coming from external libraries, takes a lot of coordination and teamwork," observed Eileen M. Uchitelle, a staff software engineer at GitHub and core Rails team member, in a blog post. "In order to be successful we needed a solid strategy for sharing the work."

Posted by John K. Waters on September 1, 2020


Preview of Java Message Service 2.0 over AMQP on Azure Service Bus

Microsoft wants to empower its customers to lift and shift their Java and Spring workloads to Azure, while also helping them to modernize their application stack with best-in-class enterprise messaging in the cloud. Toward that end, Redmond recently announced preview support for Java Message Service (JMS) 2.0 over AMQP in Azure Service Bus premium tier.

The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for passing business messages among apps or organizations. It comprises an efficient wire protocol that separates the network transport from broker architectures and management. AMQP version 1.0 supports a range of broker architectures that may be used to receive, queue, route, and deliver messages, or used peer-to-peer.

Posted by John K. Waters on August 26, 2020


Google's Jib Gaining Traction in the Broader Java Dev Ecosystem

Google introduced the beta version of its open-source Jib tool for containerizing Java applications in July 2018 with relatively little fanfare. Two years later, the tool has put on some serious muscle in the form of new features and plug-ins, and quietly become a developer favorite.

Jib is an open-source Java tool maintained by Google for building Docker images of Java applications. Jib 1.0.0, released to general availability last year, was designed to eliminate the need for deep Docker mastery. It effectively circumvented the need to install Docker, run a Docker daemon, and/or write a Dockerfile.

Posted by John K. Waters on August 25, 2020


A Roundup of Red Hat Revelations from KubeCon+CloudNativeCon

So much Red Hat news has been coming out of the KubeCon + CloudNativeCon EU 2020 Virtual event this week that it has been hard to keep up. We reported earlier on the spotlight announcements around its dev tools for Kubernetes. But that was just the tip of the iceberg. The IBM subsidiary has had a busy week!

Posted by John K. Waters on August 20, 2020


The Facial Rec Tech Wreck

Facial recognition technology has been taking it on the chin lately (pardon the pun). Earlier this week, the BBC reported that a UK court ruled the use of the technology by British police violated human rights and data protection laws in that country. A week before that, a team of researchers at the University of Chicago unveiled Fawkes, an algorithm and software tool that makes pixel-level changes to your image that are invisible to the human eye, but effectively mask you from the current crop of facial recognition applications. And back in July, Amazon, Google, and Microsoft were sued over claims they used photos of individuals to train their facial recognition software without getting prior consent, which violated an Illinois biometric privacy statute. (Facebook had already settled a class-action claim that it also violated that law.)

Posted by John K. Waters on August 13, 2020


JetBrains Kicks Off Product Release Binge with New IntelliJ IDEA IDE

Software development toolmaker JetBrains has been on a bit of a product-release binge that started on July 28 with the release of IntelliJ IDEA 2020.2, which was followed by the releases of the IntelliJ Scala Plugin 2020.2, PyCharm 2020.2

Posted by John K. Waters on August 12, 2020


Oracle's March Madness-Style Java Bracket

Oracle's Java Platform Group created a March Madness-style bracket to mark Java's 25th anniversary, substituting JEPs for the college basketball teams and using Twitter polls to determine the winners of the matchups.

The "Best of the JDK Feature Face-Off" concluded last week, with JDK Mission Control edging Records in the final round.

Posted by John K. Waters on July 16, 2020