I believe that three is a very special number. I can think of (at least) three things to support my belief: H2O Liquid, Solid, Gas It is what it is, although it exists in three different forms (water, ice, steam). Spacial Dimensions Height, Width, Depth These are used to describe the 3D world in which we […]
I have worked as part of a team going into client locations and performing software security assessments. While analyzing the findings of these assessments I have seen a common set of coding omissions that, if implemented, would eliminate the majority of the vulnerabilities that were identified. A brief description of each follows. Input Validation Data […]
How do you fit security into your Continuous Integration (CI)? The common response would be, “We do not because … “. Well, you can, without a large effort or a large impact. At a high level you can integrate source code analysis into your daily integration builds so that you know if the change from the previous day […]
I was recently having a discussion with some coworkers about test-driven development. There was some discussion about the relative value and cost, and not surprisingly some dramatically different opinions on the subject. It got me thinking about my own habits. I like test-driven development, but I’m not a purist. I almost always write my code with testing […]
When I first start a new Java project, one of the first things I set up is a skeleton Ant build.xml file. I try to set it up so that a new developer on the project should be able to checkout and compile with no configuration. At least that’s the goal. That means setting up some […]
Five years ago, it was not difficult to find companies willing to experiment with Agile on their low-priority, low-visibility initiatives. In my experience, most customers were happy with the transparency and predictability they gained, but where left wondering whether the planning and estimation practices could hold up under the fire of fixed-time, fixed-cost, and fixed-scope initiatives. In […]
Over the past seven years, Coveros team members have served on scores of agile development projects ranging from five-person, custom-development efforts, to large system integration efforts with hundreds of team members working world-wide. One byproduct of all this experience is the recognition of a surprisingly consistent and predictable pattern of value realized by the organizations […]
It is a common mis-perception that agile methodologies view planning and documentation as dated, time-wasting practices that should be avoided. While it is true that the agile manifesto asks us to value response to change over adherence to (static) plans, and working code over comprehensive documentation, it does not ask us to push planning and […]
