Entries in philosophy (3)

Are Vulnerability Metrics and Risk Metrics Different?

The Common Vulnerability Scoring System (CVSS) was constructed as a Vulnerability Metric. However, there is no structural difference between CVSS and a generalized Risk Metric model: the types of information that go into both are the same, and the behavior of CVSS is consistent with the model.

Risk? What Do You Mean?

The products that my employer develops are all about buzzwords like Vulnerability, Compliance, and Risk. You will find these words and phrases all over the computer security field, along with others like Buffer Overflow, Malware, PUPs (potentially unwanted programs, meaning stuff you probably don't want, but if someone called it Malware someone could get sued), Data Loss Prevention, Host Intrusion Prevention System, SPAM, and Antivirus. Most folks are only really aware of one, Antivirus, and may think it means all of the above. :)

Software Architecture and Design

I am responsible for the architecture of an "Enterprise Level Product". What does that really mean? The software is big: well over a million lines of code (probably closer to 1.5M) incorporating something like 20 different software technologies. When we need to add a new feature there is rarely a perfect solution. Why? Because the solution needs to fit in with the rest of the product. If we simply chose the best options for that feature in isolation from the rest of the product we would have Frankenstein's Monster. Entropy would take hold, the cost of change would skyrocket, and progress would grind to a halt.

My thoughts on architecture are added to my previous gentle rant about the specific topic of SIMPLICITY and architecture, of course.