Software Estimation Links from November 2010 SE Engineering Notes

The following links were published in the November 2010 ACM SIGSOFT Software Engineering Notes in the "Surfing the Net for Software Engineering Notes" by Mark Doernhoefer. This issue's topic was software estimation.


New Security Paradigms Workshop

I was listening to Security Now 229: The Rational Rejection of Security Advice when there was a reference to a site/conference that I found intriguing. The entire episode was based on a paper from the conference.

The site is the companion to the "New Security Paradigms Workshop" events. The description of the workshop is what I find so fascinating:

The New Security Paradigms Workshop (NSPW) is an annual, small invitation-only workshop for researchers in information security and related disciplines. NSPW’s focus is on work that challenges the dominant approaches and perspectives in computer security. In the past, such challenges have taken the form of critiques of existing practice as well as novel, sometimes controversial, and often immature approaches to defending computer systems. By providing a forum for important security research that isn’t suitable for mainstream security venues, NSPW aims to foster paradigm shifts in information security.

It happens that all of the proceedings for the conference are available online. Well worth reviewing.


Mobile Devices Links from September 2010 SW Engineering Notes

The following links were published in the September 2010 ACM SIGSOFT Software Engineering Notes in the "Surfing the Net for Software Engineering Notes" by Mark Doernhoefer. This issue's topic was mobile devices.


Common Weakness Enumeration (CWE)

I was reading a press release for a security analysis program and there was a reference to the "Common Weakness Enumeration site". I was not interested in the product but did decide to investigate the site referenced.

The Common Weakness Enumeration (CWE) is subtitled "A Community-Developed Dictionary of Software Weakness Types." The site is hosted by MITRE. The scope of the project is that it "provides a unified, measurable set of software weaknesses."

It appears that the starting point of this taxonomy of software security weaknesses was quite a few disparate standards, papers, proposals, etc. A pretty good list and links to original sources can be found on the sources page. Each item in the list includes a description, where the weakness may be introduced, whether it is applicable to particular platforms, examples and related items.


November 2010 mensming Twitter Posts

Many security pros feel there is a gap between certifications and the security needs of IT organizations
7:09 AM Nov 30, 2010

Workaholism May Be Killing You
7:15 AM Nov 29, 2010

How to Ask for One More Beer in 50 Languages
9:09 PM Nov 26, 2010

The 25 Worst High-Tech Habits (and How to Fix Them)
7:46 AM Nov 22, 2010

NSA: Our Development Methods Are in the Open Now
6:51 AM Nov 19, 2010

Schneier on Security – Changing Passwords
6:45 AM Nov 18, 2010

NIST releases a tutorial on automated testing of multiple variables
8:39 AM Nov 17, 2010

mod_pagespeed – New Google Tool Makes Websites Twice as Fast
5:31 AM Nov 16, 2010

Getting Your New Hires To Say "We"
7:10 AM Nov 15, 2010

Firm finds security holes in mobile bank apps
8:01 AM Nov 12, 2010

2010 State Of The Blogosphere: Facebook And Twitter Drive The Most Traffic (Slides)
8:46 AM Nov 11, 2010

Microsoft Malware Protection Center – Have you checked the Java?
7:58 AM Nov 10, 2010

Twitter diplomacy: Who Follows Whom Among World Leaders
6:45 AM Nov 9, 2010

Conenza is hiring a client account manager
7:18 AM Nov 8, 2010

Another 10 Mistakes Made by API Providers
4:52 AM Nov 5, 2010

Interactive HTML 5 Demo Site
6:10 AM Nov 4, 2010

Report Reveals the Riskiest Web Domains to Visit
5:44 AM Nov 3, 2010

Inside Google’s Anti-Malware Operation
Tue 02 Nov 2010 07:53:20 AM PST

Taco Bell Programming
5:22 AM Nov 1, 2010