Friday, April 13, 2018

SDK: Guardium SDK for neighborhood security?

https://securityintelligence.com/neighborhood-watch-uniting-the-data-security-community-through-software-development-kits/

Quoting:
"A Neighborhood Watch for the Data Security Community

Today, there are four use case categories of interest for which we are prompting business partners to build apps: risk discovery and classification, new data sources and platforms supported for data protection, big data aggregation and analytics, and industry-focused compliance solutions. These four use cases can be addressed in a variety of ways.

For example, apps can be built to present a combination of internal and external data in tables or visualizations. They can also integrate data from external products or services for better analytics and/or compliance. In addition, apps can be built to host security rules or highlight anomalous activities and send reports to an external source.

The final piece of the puzzle is the skills and expertise of the business partners and developers themselves. Without collaboration from those who are looking for new challenges and innovative ways to contribute to the data security community at large, we can’t move forward. Much like the Neighborhood Watch, the security world needs to band together as a community to ensure that data privacy and security principles are upheld.

So what are you waiting for? To get started, download the Guardium SDK."

More info:

https://exchange.xforce.ibmcloud.com/hub/extension/cd46ff5905e6709be66ab814da9eabb4

Quoting:
"IBM X-Force Exchange is a threat intelligence sharing platform that you can use to research security threats, to aggregate intelligence, and to collaborate with peers.

Logged in users have integrated access to all the functionality of the site: searching, commenting, Collections and sharing. Guests can search and view reports only."


SW Development and Ethics?

After the Cambridge Analytica "issue", ethics is becoming an ever more pressing question for project team members (and managers) to clarify in their own minds:
https://www.itproportal.com/features/rewriting-the-code-for-ethics-in-software-development/

Quoting:
"Redefining and reporting on grey areas 

However, as with all questions around ethics, inevitably, grey areas remain. Take for instance a recent survey that asked developers if they would report on ethical issues with their code in which over a third of respondents replied with 'it depends on what it is'. Equally, 58% would hold the upper management or board level members ultimately responsible for code that is produced for unethical purposes. This quite clearly illustrates the current uncertainty - and maybe even fear of speaking up - when it comes to computer ethics in action; just 13% would publicly report an unethical coding practice.  

As an industry, we need to be mindful to consider the purpose of our works and make sure there are safe ways to air concerns that arise during the course of development. Some infrastructure for this exists already in many companies, but we could regulate this to allow ethical concerns to be raised without causing undue stress and worry. (...)"

Friday, April 6, 2018

BOOK: The Clean Coder: A Code of Conduct for Professional Programmers (Robert C. Martin)

Not to be confused with the excellent "Clean Code", this one is about how to deal with managers in order to have a "long life" in the software development business:

The Clean Coder: A Code of Conduct for Professional Programmers: Robert C. Martin: 4708364241379: Amazon.com: Books


Quoting:
"Programmers who endure and succeed amidst swirling uncertainty and nonstop pressure share a common attribute: They care deeply about the practice of creating software. They treat it as a craft. They are professionals.

In The Clean Coder: A Code of Conduct for Professional Programmers, legendary software expert Robert C. Martin introduces the disciplines, techniques, tools, and practices of true software craftsmanship. This book is packed with practical advice–about everything from estimating and coding to refactoring and testing. It covers much more than technique: It is about attitude. Martin shows how to approach software development with honor, self-respect, and pride; work well and work clean; communicate and estimate faithfully; face difficult decisions with clarity and honesty; and understand that deep knowledge comes with a responsibility to act.

Readers will learn:
  • What it means to behave as a true software craftsman
  • How to deal with conflict, tight schedules, and unreasonable managers
  • How to get into the flow of coding, and get past writer’s block
  • How to handle unrelenting pressure and avoid burnout
  • How to combine enduring attitudes with new development paradigms
  • How to manage your time, and avoid blind alleys, marshes, bogs, and swamps
  • How to foster environments where programmers and teams can thrive
  • When to say “No”–and how to say it
  • When to say “Yes”–and what yes really means
Great software is something to marvel at: powerful, elegant, functional, a pleasure to work with as both a developer and as a user. Great software isn’t written by machines. It is written by professionals with an unshakable commitment to craftsmanship. The Clean Coder will help you become one of them–and earn the pride and fulfillment that they alone possess."

Thursday, April 5, 2018

BOOK: Clean Architecture: A Craftsman's Guide to Software Structure and Design (Robert C. Martin)

Clean Architecture: A Craftsman's Guide to Software Structure and Design (Robert C. Martin Series): Robert C. Martin: 9780134494166: Amazon.com: Books

Quoting:

"Practical Software Architecture Solutions from the Legendary Robert C. Martin (“Uncle Bob”)

By applying universal rules of software architecture, you can dramatically improve developer productivity throughout the life of any software system. Now, building upon the success of his best-selling books Clean Code and The Clean Coder, legendary software craftsman Robert C. Martin (“Uncle Bob”) reveals those rules and helps you apply them.

Martin’s Clean Architecture doesn’t merely present options. Drawing on over a half-century of experience in software environments of every imaginable type, Martin tells you what choices to make and why they are critical to your success. As you’ve come to expect from Uncle Bob, this book is packed with direct, no-nonsense solutions for the real challenges you’ll face—the ones that will make or break your projects.

  • Learn what software architects need to achieve—and core disciplines and practices for achieving it
  • Master essential software design principles for addressing function, component separation, and data management
  • See how programming paradigms impose discipline by restricting what developers can do
  • Understand what’s critically important and what’s merely a “detail”
  • Implement optimal, high-level structures for web, database, thick-client, console, and embedded applications
  • Define appropriate boundaries and layers, and organize components and services
  • See why designs and architectures go wrong, and how to prevent (or fix) these failures
Clean Architecture is essential reading for every current or aspiring software architect, systems analyst, system designer, and software manager—and for every programmer who must execute someone else’s designs."

Wednesday, April 4, 2018

BOOK: Agile Software Development with Scrum (Ken Schwaber, Mike Beedle)

The book that started it all, by Schwaber and Beedle (Beedle passed away recently):

Agile Software Development with Scrum (Series in Agile Software Development): Ken Schwaber, Mike Beedle: 9780130676344: Amazon.com: Books

TOOL: Coco Code Coverage

Cross-platform, cross-compiler code coverage tool:
https://www.froglogic.com/coco/free-trial/

Quoting:
"Coco

Cross-platform and cross-compiler code coverage analysis for C, C++, C#, SystemC, Tcl and QML code.


Coco utilizes source code instrumentation to analyze the applications’ source code.

No changes to the source code are necessary.

Executing a test suite against an instrumented application produces data that can later be analyzed. This analysis can be used to understand how much of the source code has been hit by tests, which additional tests need to be written, how the code coverage changed over time and more."
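The mechanism the quote describes, source instrumentation followed by a test run, can be shown in miniature. The following is an added example of my own, not Coco's code or anything from froglogic: it rewrites a Python module's AST so that every statement first records its line number, executes the instrumented module, runs a test suite against it, and reports which statements were never hit. The sample `parse_port` function, the two tests and the `__probe__` hook name are all constructed for this example. The security-relevant reading of the result is the usual one: with only the happy-path test, the two lines that reject bad input are exactly the ones never exercised.

```python
import ast


class _Instrumenter(ast.NodeTransformer):
    """Prefix every statement in every block with a call that records its line."""

    def __init__(self, hook_name):
        self.hook_name = hook_name

    def generic_visit(self, node):
        node = super().generic_visit(node)  # instrument nested blocks first
        for field in ("body", "orelse", "finalbody"):
            stmts = getattr(node, field, None)
            if not (isinstance(stmts, list) and stmts
                    and all(isinstance(s, ast.stmt) for s in stmts)):
                continue
            wrapped = []
            for stmt in stmts:
                probe = ast.Expr(ast.Call(ast.Name(self.hook_name, ast.Load()),
                                          [ast.Constant(stmt.lineno)], []))
                wrapped.append(ast.copy_location(probe, stmt))
                wrapped.append(stmt)
            setattr(node, field, wrapped)
        return node


def run_with_coverage(source, tests, hook_name="__probe__"):
    """Instrument `source`, exec it, run each test callable against the
    resulting namespace, and return (covered_lines, missed_lines)."""
    tree = ast.parse(source)
    instrumentable = {n.lineno for n in ast.walk(tree) if isinstance(n, ast.stmt)}
    tree = _Instrumenter(hook_name).visit(tree)
    ast.fix_missing_locations(tree)
    hits = set()
    namespace = {hook_name: hits.add}  # the probe just records the line
    exec(compile(tree, "<instrumented>", "exec"), namespace)
    for test in tests:
        test(namespace)
    return sorted(hits), sorted(instrumentable - hits)


# Constructed sample module under test: an input validator with two
# rejection branches (lines 3 and 6).
SAMPLE_SOURCE = """\
def parse_port(value):
    if not value.isdigit():
        raise ValueError("not a number")
    port = int(value)
    if port < 1 or port > 65535:
        raise ValueError("out of range")
    return port
"""


def happy_path(ns):
    assert ns["parse_port"]("443") == 443


def rejects_garbage(ns):
    for bad in ("abc", "70000"):
        try:
            ns["parse_port"](bad)
        except ValueError:
            continue
        raise AssertionError(f"{bad!r} was accepted")


if __name__ == "__main__":
    for label, suite in (("happy path only", [happy_path]),
                         ("with rejection tests", [happy_path, rejects_garbage])):
        covered, missed = run_with_coverage(SAMPLE_SOURCE, suite)
        total = len(covered) + len(missed)
        print(f"{label}: {len(covered)}/{total} statements, missed lines {missed}")
```

The instrumenter only touches statement lists (`body`, `orelse`, `finalbody`), so expressions such as `lambda` bodies and conditional expressions are left alone; a real tool would also report branch and condition coverage, which this line-level view cannot distinguish.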

Tuesday, April 3, 2018

BOOK: Enterprise Scrum (Mike Beedle)

Quoting:
"The focus of Enterprise Scrum is on reinventing the company itself, or any part of it, with all of its business units, customer segments, business models, processes, products, and services.

Enterprise Scrum means Scrum applied to the Enterprise as a whole, so it means continuously reinventing, improving and adapting the company and everything it does.

In 2016, the book Enterprise Scrum: An Adaptive Method for Project Success was published."

Co-Author of Agile Manifesto and Creator of Enterprise Scrum Mike Beedle Passed Away

The blog:
http://www.enterprisescrum.com/

The BOOK: Enterprise Scrum: Agile Management for the 21st Century

https://www.amazon.com/exec/obidos/ASIN/0321807847/

Quoting:
"This is today's definitive guide to making Scrum work at all levels of the enterprise, both in software development and in any other knowledge-intensive business process. Legendary agile pioneer Mike Beedle draws on his experience helping thousands of teams and individuals succeed with Scrum in projects of all types, from single-team assignments to those cutting across complex processes or the entire organization.

Beedle begins with a uniquely clear and practical explanation of Scrum: its roles, benefits, interactions, and how it reflects modern insights into complexity science. You'll master these crucial essentials with the help of clear organizational and process diagrams, as well as exceptionally relevant case studies in software development and beyond.

Building on this understanding, Beedle introduces proven enterprise-level Scrum processes for introducing, growing, and managing operations -- including Scrum's role in the Project Management Office (PMO) and in support of executive activities. He concludes with detailed case studies from multiple domains where Enterprise Scrum has delivered superior results.

Throughout, Beedle helps you understand the paradigm shift required to succeed with Scrum in any knowledge-intensive business process -- and how to gain Scrum's proven benefits of productivity, transparency, and performance."

DIGEST: SW Licensing options

An interesting summary of licensing options (http://www.codeproject.com/info/Licenses.aspx), useful as a first approach to deciding which license we can apply (or are obliged to use) when reusing and/or building upon existing code.

Quoting (the license list as presented by Code Project):
"

Microsoft Reciprocal License

A Microsoft open license and a free software license. Allows for distribution of derived code so long as the modified source files are included and retain the Ms-RL.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: True
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The Code Project Open License (CPOL)

The main points subject to the terms of the License are:
  • Source Code and Executable Files can be used in commercial applications;
  • Source Code and Executable Files can be redistributed; and
  • Source Code can be modified to create derivative works.
  • No claim of suitability, guarantee, or any warranty whatsoever is provided. The software is provided "as-is".
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: True
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The Common Development and Distribution License (CDDL)

Based on the Mozilla Public License (MPL) that makes it more applicable for use outside the Mozilla Foundation.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: True
Provides an explicit patent license: True
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The Microsoft Public License (Ms-PL)

Used by Microsoft. Compiled derived code can be distributed, for both commercial and non-commercial use. If the source code is to be redistributed then a complete copy of this license must be included in the redistribution.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: True
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The Mozilla Public License 1.1 (MPL 1.1)

Used by Mozilla and Firefox, among others. The patent clauses are not acceptable to some.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: True
Provides an explicit patent license: True
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The Common Public License Version 1.0 (CPL)

Derived from the IBM Public License and influenced by the Mozilla Public License, and used by some Microsoft projects on SourceForge.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: True
Provides an explicit patent license: True
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The Eclipse Public License 1.0

A newer version of the Common Public License that is in some cases more acceptable to business.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: True
Provides an explicit patent license: True
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The MIT License

A very old license with essentially no restrictions on the use of the code. It also provides very little in the way of protection for authors or users. It is the same as the BSD license without the 'no endorsement' clause.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The BSD License

A very old license with essentially no restrictions on the use of the code. It also provides very little in the way of protection for authors or users. It is the same as the MIT license except that it includes a clause preventing the use of the author's name for endorsement.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The Apache License, Version 2.0

Slightly more restrictive (but still very open) version of the BSD or MIT license that adds patent clauses. Read carefully.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: True
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The Creative Commons Attribution-ShareAlike 2.5 License

A license that requires a link be visible on works that use this license. "Share alike" is what it sounds like, you can share this work as long as that work has a license similar to this one.
It is recommended that this license not be used for software.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: False
Is a viral licence: True
Supported by CodeProject: False

The zlib/libpng License

A license with an emphasis on freedom of use and re-use, with a few restrictions.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

A Public Domain dedication

Not a license, but a dedication to the public domain. All rights are given up and anyone can do anything they wish with the code. Please note this is not a license and provides no guarantees for the user and no indemnities for the author.
Provides copyright protection: False
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: True
Is a viral licence: False
Supported by CodeProject: True

The Creative Commons Attribution 3.0 Unported License

This license lets others distribute, remix, tweak, and build upon your work, even commercially, as long as they credit you for the original creation. It is recommended that this license not be used for software.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: False
Is a viral licence: True
Supported by CodeProject: False

The Creative Commons Attribution-Share Alike 3.0 Unported License

A license that requires a link be visible on works that use this license. "Share alike" is what it sounds like; you can share this work as long as that work has a license similar to this one. It is recommended that this license not be used for software.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: False
Is a viral licence: True
Supported by CodeProject: True

The Creative Commons Attribution-NoDerivatives 3.0 Unported

A license which specifies that if you remix, transform, or build upon the material, you may not distribute the modified material. It is recommended that this license not be used for software.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: False
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: False
Is a viral licence: True
Supported by CodeProject: True

The GNU Lesser General Public License (LGPLv3)

A derivative of the GPL that was intended to allow non-GPL code to work with, and call GPL code. The author of this license asks that you only use this license if you are licensing functionality already commonly available.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: True
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: True
Is a viral licence: True
Supported by CodeProject: True
Example usage in your code
(Replace 'Foobar' with the name of your product)
This file is part of Foobar.
 
Foobar is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
 
Foobar is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser Public License for more details.
 
You should have received a copy of the GNU Lesser Public License
along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

The GNU General Public License (GPLv3)

A common but misunderstood license. This allows developers to freely use the software as long as they use the same (or an even less restrictive) license for parts of the program that they wrote themselves. Viral in nature. Read carefully and make sure you understand the implications of using this license. Unacceptable to many.
You can write commercial software using software licensed with the GPL, but you cannot write proprietary software (meaning software for which the code is not freely available). You can sell GPL code, even if it's already being given away, or you can sell services attached to the code such as support contracts.
Any software written using GPL'd code must itself be licensed using the GPL (or less restrictive license) meaning it cannot be proprietary. This means that developers writing commercial software may not be able to use GPL code if they do not wish to provide the code.
One important note (thanks to René Pfeiffer): The GPL doesn't require you to publish the source to the world. Only the recipient of the software needs to have the source. If you have a customer, write GPLed software for a specific purpose and only give the binary to this customer, then only this customer must have access to the source code, not everybody and not the public; just the recipient of the (binary) code. This is in full agreement to the GPL. The main advantage is to play with open cards and not create a "blackmail" situation.
At the Code Project we prefer that developers allow other developers to use their freely given code in whatever way they wish - commercial, proprietary, or free for anyone. Our preference is that our authors do not use a GPL-like license.
Provides copyright protection: True
Can be used in commercial applications: True
Bug fixes / extensions must be released to the public domain: True
Provides an explicit patent license: False
Can be used in proprietary (closed source) applications: False
Is a viral licence: True
Supported by CodeProject: True

Example usage in your code
(Replace 'Foobar' with the name of your product)
This file is part of Foobar.
 
Foobar is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
 
Foobar is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
 
You should have received a copy of the GNU General Public License
along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

"
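The digest above answers the question for one license at a time; the supply-chain version of the same question is whether every dependency of a proprietary product is acceptable, and that is worth automating so it runs before a release rather than after. The following is an added example of my own, not Code Project's: a fail-closed license gate that evaluates SPDX license expressions (`AND`, `OR`, parentheses) against a policy derived only from the digest's "can be used in proprietary (closed source) applications" and "is a viral licence" rows. The SPDX identifiers are my mapping of the digest's license names, the three verdicts (`allow`, `review`, `deny`) are my choice, and the dependency list is constructed for the example.

```python
import re

# Policy table derived from the digest above (assumption: SPDX identifiers
# chosen by me for the digest's licence names). Only the two rows that
# matter for shipping a proprietary product are kept.
LICENCE_TABLE = {
    "MS-RL":         dict(closed_ok=True,  viral=False),
    "CPOL-1.02":     dict(closed_ok=True,  viral=False),
    "CDDL-1.0":      dict(closed_ok=True,  viral=False),
    "MS-PL":         dict(closed_ok=True,  viral=False),
    "MPL-1.1":       dict(closed_ok=True,  viral=False),
    "CPL-1.0":       dict(closed_ok=True,  viral=False),
    "EPL-1.0":       dict(closed_ok=True,  viral=False),
    "MIT":           dict(closed_ok=True,  viral=False),
    "BSD-3-Clause":  dict(closed_ok=True,  viral=False),
    "Apache-2.0":    dict(closed_ok=True,  viral=False),
    "Zlib":          dict(closed_ok=True,  viral=False),
    "LGPL-3.0-only": dict(closed_ok=True,  viral=True),
    "GPL-3.0-only":  dict(closed_ok=False, viral=True),
    "CC-BY-SA-3.0":  dict(closed_ok=False, viral=True),
}

ALLOW, REVIEW, DENY = "allow", "review", "deny"
_RANK = {ALLOW: 0, REVIEW: 1, DENY: 2}  # higher is more restrictive


def verdict_for_id(spdx_id):
    """Verdict for a single licence identifier; unknown ids fail closed."""
    entry = LICENCE_TABLE.get(spdx_id)
    if entry is None or not entry["closed_ok"]:
        return DENY
    return REVIEW if entry["viral"] else ALLOW  # viral but closed-ok: LGPL-style linking terms


_TOKEN = re.compile(r"\(|\)|[A-Za-z0-9.+-]+")


def _tokenize(expr):
    tokens, pos = [], 0
    while pos < len(expr):
        if expr[pos].isspace():
            pos += 1
            continue
        m = _TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"bad character in licence expression: {expr[pos]!r}")
        tokens.append(m.group(0))
        pos = m.end()
    return tokens


class _Parser:
    """expr := term (OR term)* ; term := factor (AND factor)* ; factor := ID | '(' expr ')'"""

    def __init__(self, tokens):
        self.tokens, self.i = tokens, 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def expr(self):
        v = self.term()
        while self.peek() == "OR":        # OR: the consumer may pick the best option
            self.take()
            v = min(v, self.term(), key=_RANK.get)
        return v

    def term(self):
        v = self.factor()
        while self.peek() == "AND":       # AND: every part applies, worst one wins
            self.take()
            v = max(v, self.factor(), key=_RANK.get)
        return v

    def factor(self):
        tok = self.take()
        if tok == "(":
            v = self.expr()
            if self.take() != ")":
                raise ValueError("unbalanced parentheses")
            return v
        if tok in (None, ")", "AND", "OR"):
            raise ValueError(f"unexpected token {tok!r}")
        return verdict_for_id(tok)


def evaluate_expression(expr):
    """Verdict for one SPDX expression; malformed input fails closed."""
    try:
        parser = _Parser(_tokenize(expr))
        verdict = parser.expr()
        if parser.peek() is not None:
            raise ValueError("trailing tokens")
        return verdict
    except ValueError:
        return DENY


def audit(dependencies):
    """dependencies: {package name: SPDX expression}. Returns {name: verdict}."""
    return {name: evaluate_expression(expr) for name, expr in dependencies.items()}


# Constructed dependency manifest for a proprietary product.
SAMPLE_DEPENDENCIES = {
    "fast-json":    "MIT",
    "crypto-utils": "Apache-2.0",
    "db-driver":    "LGPL-3.0-only",
    "pdf-render":   "GPL-3.0-only OR MPL-1.1",
    "image-codec":  "GPL-3.0-only AND Zlib",
    "icon-pack":    "CC-BY-SA-3.0",
    "legacy-lib":   "Proprietary-Unknown",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_DEPENDENCIES).items():
        print(f"{verdict:6}  {name:14} {SAMPLE_DEPENDENCIES[name]}")
```

Two design choices carry the security weight: an identifier the table does not know, or an expression that does not parse, is denied rather than waved through, and an `OR` is resolved in the product's favour only because a dual-licensed package genuinely lets the consumer choose. `review` is reserved for licences the digest marks both viral and usable in closed-source products (LGPLv3), since whether they are acceptable depends on how the component is linked and distributed, which a manifest alone cannot tell you.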

REPORT: Standish Group 2015 Chaos Report - Q&A with Jennifer Lynch

Project failure rates, overall and by project size, Agile vs. Waterfall, and some factors contributing to success (in the participants' opinion):
Standish Group 2015 Chaos Report - Q&A with Jennifer Lynch

Quoting:

"The 2015 CHAOS Report has recently been released by the Standish Group.  The CHAOS Reports have been published every year since 1994 and are a snapshot of the state of the software development industry.  This year the report studied 50,000 projects around the world, ranging from tiny enhancements to massive systems re-engineering implementations.  This year the report includes an enhanced definition of success looking at some additional factors which were covered in previous surveys.

The results indicate that there is still work to be done around achieving successful outcomes from software development projects. This table summarises the outcomes of projects over the last five years using the new definition of success factors (on time, on budget with a satisfactory result)"
(...)

Listed factors that could help in project success include:

"The definitions for these factors are:
Executive Support: when an executive or group of executives agrees to provide both financial and emotional backing. The executive or executives will encourage and assist in the successful completion of the project.

Emotional maturity is the collection of basic behaviors of how people work together. In any group, organization, or company it is both the sum of their skills and the weakest link that determine the level of emotional maturity.

User Involvement: takes place when users are involved in the project decision-making and information-gathering process. This also includes user feedback, requirements review, basic research, prototyping, and other consensus-building tools.

Optimization is a structured means of improving business effectiveness and optimizing a collection of many small projects or major requirements. Optimization starts with managing scope based on relative business value.

Skilled staff are people who understand both the business and the technology. A skilled staff is highly proficient in the execution of the project’s requirements and delivery of the project or product.

SAME is Standard Architectural Management Environment. The Standish Group defines SAME as a consistent group of integrated practices, services, and products for developing, implementing, and operating software applications.

Agile proficiency means that the agile team and the product owner are skilled in the agile process. Agile proficiency is the difference between good agile outcomes and bad agile outcomes.

Modest execution is having a process with few moving parts, and those parts are automated and streamlined. Modest execution also means using project management tools sparingly and only a very few features.

Project management expertise is the application of knowledge, skills, and techniques to project activities in order to meet or exceed stakeholder expectations and produce value for the organization.

Clear Business Objectives is the understanding of all stakeholders and participants in the business purpose for executing the project. Clear Business Objectives could also mean the project is aligning to the organization’s goals and strategy"

(...)

Success, namely project success, is (re)defined as:

"The Standish Group has redefined project success as onTime, onBudget, with a satisfactory result.
Success is hard to define and we had a hard time coming to this conclusion.
Merriam-Webster dictionary defines success as the fact of getting or achieving wealth: respect or fame: the correct or desired result of an attempt; someone or something that is successful: or a person or thing that succeeds.
The Project Management Institute (PMI) has defined success as onTime, onBudget, and onTarget also known as the Triple Constraints and the Iron Triangle. However, we have seen many projects that have met the Triple Constraints and did not return value to the organization or the users and executive sponsor were unsatisfied."


SW Licensing: Licenses Explained in Plain English (TLDRLegal - Software)

A searchable summary of software licenses in plain, human-readable language:
TLDRLegal - Software Licenses Explained in Plain English

Quoting:
"Lookup popular software licenses summarized at-a-glance."