Coveros selected by Fortify as Preferred Consulting Partner Herndon, Va., August 26, 2009 — Coveros, Inc., a company that helps organizations accelerate the delivery of secure, reliable software, today announced it has been selected by Fortify Software as a Preferred Consulting Partner. Under the terms of the partnership, Coveros will recommend Fortify’s Software Security Assurance […]
Sonar is a tool to analyze and visualize code quality in Java projects. It isn’t a static code analysis tool itself, rather it uses a number of open source tools to analyze the code, then Sonar gathers the metrics. Its strength is in providing a dashboard, trend reports, and drill downs to help visualize the state […]
I believe that three is a very special number. I can think of (at least) three things to support my belief: H2O Liquid, Solid, Gas It is what it is, although it exists in three different forms (water, ice, steam). Spacial Dimensions Height, Width, Depth These are used to describe the 3D world in which we […]
I have worked as part of a team going into client locations and performing software security assessments. While analyzing the findings of these assessments I have seen a common set of coding omissions that, if implemented, would eliminate the majority of the vulnerabilities that were identified. A brief description of each follows. Input Validation Data […]
Company Recognized as One of Northern Virginia’s Emerging Stars Herndon, Va., June 26, 2009 — Coveros, Inc., a company that helps organizations accelerate the delivery of secure and reliable software, today announced it has been selected as a finalist in the Hottest Bootstrap category of the Northern Virginia Technology Council (NVTC) Hot Ticket Awards. The […]
How do you fit security into your Continuous Integration (CI)? The common response would be, “We do not because … “. Well, you can, without a large effort or a large impact. At a high level you can integrate source code analysis into your daily integration builds so that you know if the change from the previous day […]
Daily stand up meetings, or huddles as Scrum calls them, are a core Agile practice that promotes communication and project visibility. They are an invaluable tool for identifying but not solving problems. So what do you do when a part of your team is in another city or continent? You iHuddle. Er, ah, what is […]
I was recently reminiscing with a friend regarding some of the hairier projects we had worked on together. One in particular stood out. It was for a financial services company. While the project itself had no specific security requirements, the company decided toward the end of the project that it needed to have security […]
I was recently having a discussion with some coworkers about test-driven development. There was some discussion about the relative value and cost, and not surprisingly some dramatically different opinions on the subject. It got me thinking about my own habits. I like test-driven development, but I’m not a purist. I almost always write my code with testing […]
When I first start a new Java project, one of the first things I set up is a skeleton Ant build.xml file. I try to set it up so that a new developer on the project should be able to checkout and compile with no configuration. At least that’s the goal. That means setting up some […]
