Thursday, March 21, 2019

Security: What Are The Most Secure Programming Languages (State of Open Source Security Report)

A report on the security of the programming languages used in open source projects, measured by the open source vulnerabilities recorded against each.

Quoting:
"Behind every developer is a beloved programming language. In heated debates over which language is the best, the security card will come into play in support of one language or discredit another.
We decided to address this debate and put it to the test by researching WhiteSource’s comprehensive database. We focused on open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, and C++, to find out which programming languages are most secure, which vulnerability types (CWEs) are most common in each language, and why."

What Are The Most Secure Programming Languages

To download the report: https://resources.whitesourcesoftware.com/blog-whitesource/is-one-language-more-secure

Quoting:

"Language vulnerabilities

Let’s look at the list from the report and break it down.
Total reported open source vulnerabilities per language:

  1. C (46.9%)
  2. PHP (16.7%)
  3. Java (11.4%)
  4. JavaScript (10.2%)
  5. Python (5.45%)
  6. C++ (5.23%)
  7. Ruby (4.25%)


WhiteSource pulled their info from their database which includes multiple sources including “the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source project issue trackers”."

Quote Source: https://jaxenter.com/security-vulnerabilities-languages-157038.html

Wednesday, March 13, 2019

Scrum: Technical Debt and Tetris?

An interesting analogy that involves... TETRIS!!!
The simple idea: in Tetris, a line with a hole in it never clears, and such lines pile up until you're... dead!
Game over.
Just like technical debt in "scrappy" Scrum: every shortcut left unrepaired is a line that will never clear, and the sprint-to-sprint velocity you gained is paid back with interest when the board fills up:

Technical Debt is like Tetris – Eric Higgins – Medium

Tuesday, March 12, 2019

Security: The "cheap" that might be expensive?

Is the "cheap" option the one that ends up expensive? Password storage bought at the lowest price, with no explicit security requirement in the brief, "smells" bad: as the study below shows, the secure default only appeared when someone asked for it.

Study shows programmers will take the easy way out and not implement proper password security | ZDNet

Quoting:
"Of the 260 developers, only 43 took up the job, which involved using technologies such as Java, JSF, Hibernate, and PostgreSQL to create the user registration component.
Of the 43, academics paid half of the group with €100, and the other half with €200, to determine if higher pay made a difference in the implementation of password security features.
Further, they divided the developer group a second time, prompting half of the developers to store passwords in a secure manner, and leaving the other half to store passwords in their preferred method --hence forming four quarters of developers paid €100 and prompted to use a secure password storage method (P100), developers paid €200 and prompted to use a secure password storage method (P200), devs paid €100 but not prompted for password security (N100), and those paid €200 but not prompted for password security (N200)."
(...)
"Of the secure password storage systems developers chose to implement for this study, only the last two, PBKDF2 and Bcrypt, are considered secure.
8 - Base64
10 - MD5
1 - SHA-1
3 - 3DES
3 - AES
5 - SHA-256
1 - HMAC/SHA1
5 - PBKDF2
7 - Bcrypt"
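The nine schemes in that list split into two groups: encodings and fast hashes (Base64 through HMAC/SHA1, with or without a cipher thrown in) on one side, and slow, salted key derivation (PBKDF2, Bcrypt) on the other. As an added example for this post, not code from the ZDNet article or from the study it reports (whose task was Java/JSF/Hibernate), here is the difference in Python: an unsalted MD5 store that falls to a short dictionary attack, beside a PBKDF2-HMAC-SHA256 store with a per-user random salt, the iteration count kept in the record, constant-time verification, and a rehash-on-login check. The record format, the iteration count and the sample wordlist are assumptions made for this example.

```python
"""Weak vs. secure password storage, side by side.

Added example for this post; not code from the ZDNet article or from the
study it reports (whose task was Java/JSF/Hibernate). The record format,
the iteration count and the sample wordlist are assumptions of this example.
"""
import base64
import hashlib
import hmac
import os
from typing import Iterable, Optional

# ---- What most of the 43 shipped: an encoding, or a fast unsalted hash ----

def store_base64(password: str) -> str:
    """Base64 is an encoding, not protection: anyone holding the table
    decodes it straight back to the password."""
    return base64.b64encode(password.encode()).decode()

def store_md5(password: str) -> str:
    """Unsalted fast hash: equal passwords give equal digests, and every
    guess costs the attacker a single MD5 computation."""
    return hashlib.md5(password.encode()).hexdigest()

def crack_unsalted_md5(stored: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on an unsalted MD5 digest. With no salt, one hash
    per guess can be checked against every row of the user table."""
    for guess in wordlist:
        if hashlib.md5(guess.encode()).hexdigest() == stored:
            return guess
    return None

# ---- What the study counted as secure: a salted, slow KDF (PBKDF2 here) ----

ALGO = "pbkdf2_sha256"          # assumed record tag, not a standard identifier
PBKDF2_ITERATIONS = 600_000     # assumption: tune so one derivation takes ~100 ms on your hardware

def store_pbkdf2(password: str, iterations: int = PBKDF2_ITERATIONS,
                 salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt_b64>$<hash_b64>'.

    16 random salt bytes per user mean equal passwords yield different
    records and kill precomputed tables; keeping the iteration count in the
    record lets it be raised later without breaking existing users.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return "$".join([ALGO, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])

def verify_pbkdf2(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record and compare in
    constant time. A malformed record verifies as False instead of raising."""
    try:
        algo, iters, salt_b64, hash_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:          # wrong field count, bad int, bad base64
        return False
    if algo != ALGO or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return hmac.compare_digest(actual, expected)

def needs_rehash(record: str, target_iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True if the record predates the current work factor (or is not a
    PBKDF2 record at all). Call right after a successful login, while the
    plaintext is in hand, and re-store with store_pbkdf2()."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGO or not parts[1].isdigit():
        return True
    return int(parts[1]) < target_iterations

if __name__ == "__main__":
    wordlist = ["123456", "qwerty", "password", "letmein"]   # constructed sample
    weak = store_md5("password")
    print("MD5 record   :", weak, "-> cracked as", crack_unsalted_md5(weak, wordlist))
    rec = store_pbkdf2("password")
    print("PBKDF2 record:", rec)
    print("login ok:", verify_pbkdf2("password", rec),
          "| wrong password:", verify_pbkdf2("Password", rec),
          "| needs rehash:", needs_rehash(rec))
```

The point the study makes is that none of this is hard: the secure half is a dozen lines on top of the standard library. What changes the outcome is whether someone asks for it. If you are the one writing the brief, say "salted, slow hash (PBKDF2, bcrypt, scrypt or Argon2)" explicitly, and check the stored records rather than the login page.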

Tuesday, March 5, 2019

SW Construction: Good code?

Principles, books, productivity tools, code metrics and more:
https://www.dotnetcurry.com/patterns-practices/1358/code-quality-tools