Java Code Geeks » Jim Bird
http://www.javacodegeeks.com/
Java 2 Java Developers Resource Center
Tue, 21 Apr 2015 13:00:55 +0000

Backdoors, Sabotage or Just Plain Stupidity
http://www.javacodegeeks.com/2015/04/backdoors-sabotage-or-just-plain-stupidity.html
Mon, 20 Apr 2015 13:00:34 +0000
Someone on your development team, or a contractor or a consultant, or one of your sys admins, or a bad guy who stole one of these people’s credentials, might have put a backdoor, a logic bomb, a Trojan or other “malcode” into your application code. And you don’t know it. How much of a real ...

 

Towards Compliance as Code
http://www.javacodegeeks.com/2015/04/towards-compliance-as-code.html
Fri, 10 Apr 2015 07:00:35 +0000
Infrastructure as Code is fundamental to DevOps. Automating the work of setting up and maintaining systems infrastructure. Making it defined, efficient, testable, auditable and standardized. For the many of us who work in regulated environments, we need more. We need Compliance as Code. Take regulatory constraints and policies and compliance procedures and the processes and ...

 

Making Refactoring Work
http://www.javacodegeeks.com/2015/03/making-refactoring-work.html
Tue, 24 Mar 2015 08:00:03 +0000
A recent academic study raises some questions about how useful and how important refactoring really is. The researchers found that refactoring didn’t seem to make code measurably easier to understand or change, or even measurably cleaner (measured by cyclomatic complexity, depth of inheritance, class coupling or lines of code). But as other people have discussed, ...

 

Putting Security into Sprints
http://www.javacodegeeks.com/2015/03/putting-security-into-sprints.html
Fri, 06 Mar 2015 20:00:30 +0000
To build a secure app, you can’t wait to the end and hope to “test security in”. For teams who follow Agile methods like Scrum, this means you have to find a way to add security into Sprints. Here’s how to do it: Sprint Zero A few basic security steps need to be included upfront ...

 

DevOps is not a Race
http://www.javacodegeeks.com/2015/03/devops-is-not-a-race.html
Mon, 02 Mar 2015 23:00:59 +0000
Most of what we read about or hear about in DevOps emphasizes speed. Continuous Deployment. Fast feedback. Fail fast, fail often. How many times do we have to hear about how many times Amazon or Facebook or Netflix or Etsy deploy changes every day or every hour or every minute? ...

 

Don’t waste time tracking technical debt
http://www.javacodegeeks.com/2015/02/dont-waste-time-tracking-technical-debt.html
Fri, 13 Feb 2015 17:00:02 +0000
For the last couple of years we’ve been tracking technical debt in our development backlog. Adding debt payments to the backlog, making the cost and risk of technical debt visible to the team and to the Product Owner, prioritizing payments with other work, is supposed to ensure that debt gets paid down. But I am ...

 

Required Reading: Iron Clad Java
http://www.javacodegeeks.com/2015/01/required-reading-iron-clad-java.html
Fri, 30 Jan 2015 05:00:03 +0000
They didn’t teach appsec in Comp Sci or in engineering or MIS or however you learned how to program. And they probably still don’t. So how could you be expected to know about XSS filter evasion or clickjacking attacks, or how to really store passwords safely. Your company can’t afford to send you on expensive ...

 

If you got bugs, you’ll get pwned
http://www.javacodegeeks.com/2015/01/if-you-got-bugs-youll-get-pwned.html
Thu, 29 Jan 2015 14:00:12 +0000
The SEI recently published some fascinating research which shows a clear relationship between software quality and software security. The consensus of researchers is that at least half, and maybe as many as 70% of common software vulnerabilities are fundamental code quality problems that could be prevented by writing better software. Sloppy coding. Not checking input ...

 

We can’t measure Programmer Productivity… or can we?
http://www.javacodegeeks.com/2015/01/we-cant-measure-programmer-productivity-or-can-we.html
Wed, 14 Jan 2015 23:00:15 +0000
If you go to Google and search for “measuring software developer productivity” you will find a whole lot of nothing. Seriously — nothing. Nick Hodges, Measuring Developer Productivity By now we should all know that we don’t know how to measure programmer productivity. There is no clear cut way to measure which programmers are doing ...

 

If you could only do one thing to make better software, what would it be?
http://www.javacodegeeks.com/2014/12/if-you-could-only-do-one-thing-to-make-better-software-what-would-it-be.html
Fri, 12 Dec 2014 20:00:33 +0000
Good technical practices are what we have to do to make good software – this is the engineering part of software engineering. Design. Coding. Testing and Reviews. If you could do only one thing to make better software, what would it be? Where would you get the most bang for your buck? ...

 
