
January 2007 Archives

January 4, 2007

The Problem is Complexity


Marcus Ranum just wrote a piece about Fortify, code review, and why gritting your teeth and trying really hard just isn't going to make your code secure. Read it.

Among other things, the article pretty well qualifies as a Fortify SCA product review. We've had product reviews before, but this one is different because Marcus is not just a software guy, he's a software security guy. He's the first reviewer who really honestly knows how to wield a code review tool and figure out whether or not it does something useful. Since his feedback is mostly positive, I'm going to take this moment to be proud of what we've built. (Insert proud moment here.) Thanks Marcus!

January 7, 2007

So what do Computer Hardware, Storage Systems, and Security Software have in common?

More than you might think.

According to CIO magazine, they are the place to be in 2007 and I couldn't be happier.

CIO Magazine recently published its Quarterly Tech Poll results for the fourth quarter of 2006. CIOs from a broad range of companies and industries shared their priorities for 2007, and the three items on the spending shortlist were Computer Hardware, Storage Systems, and Security Software. These are all predicted to be areas for growth in spite of the fact that overall IT spending is projected to slow down. In 2002 when we started Fortify, we made a big bet on software security. However, when you consider all the software that runs businesses today, the fact that little if any of it was built with consideration of today's level of access and integration, and then the fact that development organizations are just now starting to learn about security, ours was a safe bet indeed. Who would have thought that infrastructure would be right up there with security in 2007? I have to say the other two projected growth areas were a bit of a surprise, until I started thinking about it. There is an enduring, perpetual quality to the hardware business. Hardware may not be perishable like fruit, but it certainly is not like wine either: it does not grow better with time. When businesses cut spending on core infrastructure, it is a temporary setback; they will be back for more sooner or later. I guess 2007 is the time to shore up the infrastructure and the security.

In any case the poll works for me on all three counts. Following the investment advice of Peter Lynch (famous investment guru at Fidelity), I do a lot of my personal investing in the high-tech industry since it is the industry that I know best. A recent trading strategy has been to buy shares of the companies that use our software. My theory is that the leaders who are first in their segment to get their act together on software security are going to be the companies that excel in other areas as well. As you might guess, most of the leading Computer Hardware and Storage Systems companies are in that portfolio, so 2007 should be good for business all the way around.

January 17, 2007

Team Sports

I have always loved sports. Playing, that is, not so much as a fan. If we worked together then you know that I cannot make it through a single day without a baseball metaphor or two. One of the things I enjoyed most about sports is the bonds that can form between the fiercest of competitors; the esprit de corps that is cemented through collective knowledge, shared experience, and the mutual respect that grows as we learn more about each other and ourselves. The same can hold true in our professional endeavors as well.


January 24, 2007

The TAB in Tiburon

Fortify held its semi-annual Technical Advisory Board (TAB) meeting two weeks ago in Tiburon, California. We tried a few things at this meeting that we hadn't done before.

First, we invited a few reporters to join us for lunch. Dan Farber from ZDNet and Joris Evers from CNET came up from San Francisco to eat with us. I have to say, I was a little nervous about it. Our Technical Advisory Board is full of outspoken individuals. That's great when you're trying to get feedback on your plans and ideas, but it makes for a raucous, contentious, sometimes searingly critical room. What happens when you throw a few reporters into the mix?

Amazingly enough, good things happen. Dan Farber wrote an article about our lunchtime discussion. Dan is not a security guy per se, so much of the conversation was about the nature of the software security problem. I was particularly happy to get this kind of article on a "mainstream" tech site.

Second, we recorded an episode of The Silver Bullet Security Podcast. It came out really well! We got a lot of different security topics into a 20 minute show.

TAB members in attendance were:
  Marcus Ranum
  Gary McGraw
  Fred Schneider
  Li Gong
  Matt Bishop
  David Wagner
  Greg Morrisett
  Bill Pugh
  Avi Rubin


About January 2007

This page contains all entries posted to :: extra :: in January 2007. They are listed from oldest to newest.
