October 31, 2006

How to build a better "Death Star".

Gary posted on SCL about an interesting article discussing black-box testing and better ways of approaching it. More importantly (and funnier) were the analogies used to describe the effectiveness of black-box testing:

"When you do a black-box test, you're sort of firing this bullet into the software through the front door," McGraw says. "All you really know is that it went down in there somewhere and something bad happened. You're like Luke Skywalker shooting that thing into the Death Star. It blows up, but you don't really know why."

... and then, of course, a better way to do it with Tracer:

"Tracer is about helping you to diagnose the problem, instead of just letting you know that you're in trouble," McGraw adds. "It's a great segue way from the current practice of relying on your badness-ometer to actually doing something about software security. It shows you which part of the application is blowing up so that you, as a developer, can build a better Death Star."

Of course, given that Gary sits on the board of Fortify, he has some interest in discussing this. But it does make for an interesting piece. :)

October 20, 2006

Listen to me on eOnCall Radio Broadcast

Yesterday my interview with Eriq Neal for the eOnCall Business Radio Broadcast aired. If you have any interest in learning about my views on data security for small business you might want to listen in.

It's fun to do that sort of thing. I like being put on the spot and not knowing what we are going to talk about until we actually begin. I hate canned radio shows and podcasts where you don't have to think, or where one of the parties has some sort of agenda to be met.

Thanks to Eriq for a great time. Hope some of you enjoy the broadcast.

