Tuesday, September 27, 2011

Cigital Announces BSIMM3

Cigital, the company I work for, today announced the third major release of the "Building Security In Maturity Model" (BSIMM) study. BSIMM3 continues to add real-world data defining benchmarks for successfully developing and operating an enterprise software security initiative. The study reveals that firms participating in the BSIMM project show measurable improvement in their software security initiatives over time.

BSIMM3 is a multi-year study of real-world software security initiatives, based on in-depth measurement of leading enterprises including Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Fannie Mae, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, SAP, Scripps Networks Interactive, Sony Ericsson, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Visa, VMware, Wells Fargo, and Zynga.

The BSIMM3 study provides insight into forty-two of the most successful software security initiatives in the world, identifying activities used by these organizations to effectively plan, structure, and execute the evolution of a software security initiative.

Originally launched in March 2009, the BSIMM is the industry's first software security measurement tool built from real-world data rather than based on philosophy and theory. BSIMM2 was released in May 2010 and tripled the size of the original study from nine organizations to thirty. BSIMM3, released today, covers forty-two firms representing a range of eight overlapping verticals including: financial services (17), independent software vendors (15), technology firms (10), telecommunications (3), insurance (2), energy (2), media (2) and healthcare (1). The current release includes 109 thoroughly updated activity descriptions and a longitudinal study describing the evolution of eleven of the forty-two firms over time.

Some highlights for the third major release of the BSIMM:
• BSIMM3 now includes 42 firms
• BSIMM3 describes 109 activities in 12 practices with 2 or more real examples for each activity
• 11 firms have been measured twice (providing Longitudinal Study data) and the data show measurable improvement
• The BSIMM3 data set has 81 distinct measurements (some firms measured twice, some firms have multiple divisions measured separately)
• BSIMM3 reveals that leading firms on average employ two full time software security specialists for every 100 developers
• BSIMM3 results show that mature software security initiatives are well rounded, with activities in all twelve practices including: strategy and metrics, compliance and policy, architecture analysis, code review, security testing, penetration testing, and configuration management.

For more information and to access the BSIMM3 study, which is distributed free of charge under the Creative Commons, please visit: http://bsimm.com/

Saturday, September 10, 2011

EJB 3.1 Cookbook - Review

Title: EJB 3.1 Cookbook

Author: Richard.M.Reese

Publisher: Packt

I received this book to review some time in June this year. Just two days after I received the book, we had to travel to India due to the sudden death of my Mother-in-law.
I came back from India, and was swamped with work for several weeks. Finally, this weekend I had some time to sit in front of my laptop and work on the review.

 I usually don't agree to review any books due to my busy schedule. However, took this offer just because it was a book on my favorite technology, EJB's.

The book covers the latest EJB version, 3.1. Like the name suggests it is a cookbook with lots of examples. If you are already familiar with using EJB and want to know new features of 3.1 than I would recommend you to go ahead and buy this book.

However, if this is the first time you are using EJB's, than this book doesn't cover all the technologies in detail. There are a few sections which I thought was not at all relevant to EJB 3.1, like

  • How to support currency
  • Using time with an EJB
  • Efficient manipulation of strings
And a few sections where the Author goes in detail in explaining how to
  • Validating null fields
  • Validating string fields
  • Validating temporal fields
  • Validation using regular expressions
  • Validating Boolean fields
  • Validating Integer fields
  • Using the Validator class
Do we need examples to know how to validate every type of field?
In the past few years I have been consulting, I have seen several Developers who need examples and samples for everything. If you are one such Developer, this is the book for you.
If you want more details about this book, take a look at the link below on Packt web site.
 1. EJB 3.1 Cookbook

So, what would be my rating for this book if you ask?

Packt Publishing launches Sixth Annual Open Source Awards

I am a huge fan of technical books. I used to write several reviews for Javalobby earlier. However, due to time constraints and a hectic job, have not been writing reviews lately. Earlier, most books I read were from Manning, Apress and O'Reilly. In recent days, I read several interesting books from Packt Publishing.

 I am also a huge fan of open source technologies. I haven't contributed much to open source technologies. However, when I heard of the latest open source awards announced by Packt Publishing, I thought I should do my share and let the community know the same.

Packt has announced several categories for the awards.
The categories are:
  • Open Source CMS
  • Open Source Mobile Toolkits and Libraries
  • Most Promising Open Source project
  • Open Source Business Applications
  • Open Source JavaScript Libraries
  • Open Source Multimedia Software
If you nominate you will be entered to win a Kindle. I love my Kindle. :)
As per the press release from PACKT:
"The finalists in the voting stage will be announced at the beginning of September; and the Voting stage begins on 19th September 2011. Voting closes on 31st October 2011, with the winners announced throughout the week commencing 7th November 2011."
Read more details on their web site, and keep voting.