CISO Panel: Speaking Klingon to Captain Kirk

This year's RSA Conference was chock full of great content. One of my favorite sessions was the chief information security officer (CISO) panel, hosted by Cigital Inc. CTO and build-security-in guru Gary McGraw. Instead of a whip, McGraw wielded a Star Wars lightsaber (a vendor was handing them out on the exhibit floor) to keep four top security execs moving through a series of "driving" questions.

In answering a question about measuring risk, Gary Warzala, CISO at Visa, argued that, although it was certainly important to measure an organization's vulnerabilities and level of compliance, it was just as important to make sure that risk is owned throughout the enterprise.

More

Posted by John K. Waters on March 5, 20130 comments


RSA Preview: HP Security Mavens on the Cybercrime Marketplace

The annual crypto-uber-geek, cyber-security trade show, better known as the RSA Conference, gets underway next week in San Francisco. I love this event. The content is broad and deep and sometimes downright scary. Even registering for the thing can be unsettling: never have I had to work so hard to create a password. And you need a personal access code to get on the wireless network at the show. So cool.

More

Posted by John K. Waters on February 22, 20130 comments


Java: The Most Popular Programming Language

Forget the headline-grabbing revelations of new security flaws, the dogged dissing from Apple and the dire warnings from the U.S. Department of Homeland Security: Java is the world's most popular programming language. That's according to TIOBE Software's latest Programming Community Index.

TIOBE is a Netherlands-based provider of software quality assessment services based on the ISO/IEC 9126 standard. The company ranks the popularity of software languages based on "the number of skilled engineers world-wide, courses, and third-party vendors." The purpose of the Index, the company says, is to provide coders with a kind of contextual yardstick with which to measure their own language skills against current demand.

More

Posted by John K. Waters on February 13, 20131 comments


2013 Challenges for Developers, Part III: Future Challenges

A number of insightful industry watchers got back to me right after the holidays with their thoughts on the challenges facing developers in 2013. (Most of them didn't even seem that hung over.) It was just too much wisdom to cram into two blog posts, so we're going with a Part III.

John R. Rymer, principal analyst at Forrester Research Inc., covers application development and delivery (and writes a killer blog). He agreed with his colleagues that mobile will continue to vex developers, as will the need to learn and employ multiple languages. However, he was surprised (as was I) that the arrival of Windows 8 didn't top more lists.

More

Posted by John K. Waters on February 6, 20130 comments


Mozilla Unveils Firefox OS Developer Preview Phones

Earlier this month Mozilla announced the first developer preview phones specifically designed for its Firefox OS.

The phones -- two of them -- are being developed by a Spanish startup called GeeksPhone in partnership with Spanish telecom Telefónica. Mozilla says the phones will be available sometime in February.

More

Posted by John K. Waters on January 31, 20130 comments


Oracle Promises To 'Fix' Java

An Oracle executive has promised to "fix" problems with Java that have left Web sites running the Java plugin vulnerable to malicious hackers and resulted in some high-profile security breaches. Speaking with Java User Group (JUG) leaders during a conference call last week, Oracle's senior product security manager, Milton Smith, said that his company cares about Java security, and has been working on the problem and will continue to do so.

More

Posted by John K. Waters on January 30, 20132 comments


Could Security Woes Eventually Kill Client-Side Java? Analysts Weigh In...

More on this topic:

Client-side Java has a big, bright bull's eye painted on it, and black hats just can't seem to resist shooting at it. Oracle was relatively quick to response to news of the latest critical vulnerability in Java 7 (revealed last Thursday; fixed by Sunday), but many security mavens have been unwilling to tell users that it's safe to enable Java in their browsers again. It didn't help that the U.S. Computer Emergency Readiness Team (US-CERT), which is part of the U.S. Department of Homeland Security (DHS), has issued a warning to Average Joe computer users to disable Java.

More

Posted by John K. Waters on January 16, 20134 comments


2013 Challenges for Developers, Part II: Demand for Multiple Language Skills

By this time last year, the term "polyglot programmer" had entered the IT lexicon, and there was plenty of talk about the strategic advantage of learning to use a wider variety of programming languages, frameworks, databases, interface technologies and other development tools. Last year's strategic advantage may be evolving into this year's survival strategy.

"I would argue that developers need to be fluent in multiple languages now," said Forrester analyst Jeffrey S. Hammond. "I see that in my data: I've talked about the multilingual developer who programs in no single language more than 50 percent of the time, and that's definitely on the rise. I don't see how you get away with just being a C++ developer or a C# developer or a Java developer anymore."

More

Posted by John K. Waters on January 11, 20130 comments


2013 Challenges for Developers, Part I: Mobile and Cloud

In 2013, life for developers is going to get interesting, say industry watchers -- which sounds great until you remember that old (purportedly) Chinese curse. Living in "interesting times" is likely to prove challenging to hard-working codederos.

Dana Gardner, president and principal analyst for Interarbor Solutions (and a must-read blogger) sees 2013 as the time for developers to make strategic bets on both mobile and cloud, but he also advises caution.

More

Posted by John K. Waters on January 7, 20131 comments