
From the Editors: Secure Coding Skills Are Essential




December 15, 2007
We endorse the Secure Programming Council’s Essential Skills initiatives for secure programming. Its emphasis on an effective secure development life cycle is the right approach, and it is high time the industry cooperated to address security flaws in Web applications.

Personal and other sensitive information is falling prey to malicious hackers who sell it for money or to be used by national intelligence agencies. In a world filled with consultants, employee turnover, new hires and outsourcing, there must be a standard way to assess competency.

The value of fiat certifications is greatly influenced by the people standing behind them. The council has assembled a group of organizations both corporate and governmental working under the banner of the SANS Institute, and it is pounding the pavement to broaden its support. Its value is established and can be relied upon.

Organizations already participating in the effort include CERT/CC, SANS Institute and several U.S. Government agencies, in addition to leading companies in the United States, Japan, India and Germany. It has the big names and resources to make headway.

The SANS Institute security certification entity, Global Information Assurance Certification, has been in operation since 1999 and has the gravitas and experience to certify programmers effectively. Its tests are also organized by security-related tasks that programmers perform regularly and are applicable in real life.

The aim and scope of the council’s efforts are broad and comprehensive. The Secure Software Programmer Certification Exam for Java/Java EE will be the first exam offered, and initiatives are under way for C, C++, .NET languages, Perl and PHP. The certification approach is also ISO 17024-compliant.

The council recognizes that security is an integral part of the software development life cycle. Although there is no single methodology, it is working to find consensus and promote training. Development leads, development managers, product managers, project managers and test managers are as much a part of the process as the developer.

In total, the council is doing the right things for the right reasons. We can only hope that the long-term effect will be a change in how software is developed, to harden systems that are vital to commerce, industry and the public sector.

No Future for Mobile Development
Today, software development for mobile devices is a hot topic for many enterprises, especially for ensuring that their Web applications run properly on smartphones and PDAs.

Soon, we hope this will be a lost art. Not because mobile devices cease to be important. On the contrary, they’re becoming more ubiquitous every day. But rather, because mobile devices and their networks are converging quickly with standard PCs and wireless LANs. Someday, the distinction between a mobile app and a standard app will disappear.

Tim Berners-Lee, founder of the World Wide Web Consortium, recently laid out a vision of mobile computing that calls for just that. His voice speaks not only to his vision, but to the increasing reality.

Consider that Apple’s iPhone, for example, contains a full browser, Safari.

Consider that Sun has said that the differences between Java ME and Java SE will narrow and disappear.

Consider that AJAX and other RIAs transfer much of the workload back to the server, reducing the need for memory, processing power and bandwidth.

Consider that in the United States, a leading wireless carrier—Verizon Wireless—will be opening up its closed network to any device, and any application, in early 2008.

As mobile devices become more powerful, their software stacks edge ever closer to standard desktop and notebook PCs. As WiFi becomes more ubiquitous, and as other wireless networks lower their proprietary barriers, they become more like LANs. This is good news for consumers and business users.

Even better, it’s great news for enterprise software developers and Web site creators. Today, it’s an expensive extra step to create mobile-friendly applications, and all too often, the cost is prohibitive. Soon, it should be totally unnecessary to make special mobile applications. We can’t wait.

