The Benefits of Code Scanning

“All software projects are guaranteed to have one artifact in common – source code. Because of this guarantee, it makes sense to center a software assurance activity around code itself.”

-Gary McGraw, Software Security: Building Security In

When an author sits down to write today, they have great tools available to automatically check their spelling and grammar. They no longer need somebody to tediously proofread their work for the mundane errors; the computer does that for them. Tools such as these won’t help if the author has nothing to say, but the simple errors that have long plagued writers are quickly found by modern tools. By the time a work is reviewed, the simple problems have been identified and resolved.

Modern developers have similar tools available to them to address common problems in code. Static analysis tools, also known as code scanners, rapidly look at code and find common errors that lead to security bugs. The tools identify the common problem patterns, alert developers to them and provide suggestions on how to fix the problems. These tools will not take care of underlying design flaws, but they often help developers avoid many security bugs in code long before that code is turned over to testers or is put into production.
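A minimal illustration of the pattern matching described above, as an added example that is not from the original post: it parses Python source with the standard `ast` module, flags two common risky call patterns, and attaches a fix suggestion to each finding. The rule IDs, sample script and function names are constructed for illustration.

```python
import ast

# Constructed sample input: a small script with two common risky patterns.
SAMPLE = '''\
import subprocess

def run(user_cmd, expr):
    subprocess.call("ls " + user_cmd, shell=True)
    return eval(expr)

def safe(path):
    return subprocess.call(["ls", path])
'''

# Illustrative rules (hypothetical IDs): rule -> suggested fix.
RULES = {
    "EX001": "eval() on a non-literal value; use ast.literal_eval or a parser",
    "EX002": "subprocess call with shell=True; pass an argument list instead",
}

def call_name(node):
    """Return the dotted name of a call target, e.g. 'subprocess.call'."""
    parts = []
    target = node.func
    while isinstance(target, ast.Attribute):
        parts.append(target.attr)
        target = target.value
    if isinstance(target, ast.Name):
        parts.append(target.id)
    return ".".join(reversed(parts))

def scan(source):
    """Walk the syntax tree; return sorted (line, rule_id, suggestion) findings.

    eval() on a constant literal is not flagged; only shell=True literals are.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node)
        if name == "eval" and node.args and not isinstance(node.args[0], ast.Constant):
            findings.append((node.lineno, "EX001", RULES["EX001"]))
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and getattr(kw.value, "value", None) is True:
                    findings.append((node.lineno, "EX002", RULES["EX002"]))
    return sorted(findings)

if __name__ == "__main__":
    for line, rule, fix in scan(SAMPLE):
        print(f"line {line}: {rule}: {fix}")
```

Like the tools described above, this scanner only sees code patterns; it cannot tell whether the design around those calls is sound.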

Shooting College Football at UNA

With our season tickets to UNA’s football games, I’m going to get a chance to figure out shooting college football. It’s not going to be quite as much fun as being around the court or track at Whitesburg Christian Academy sporting events, but our seats are more than close enough to make up for not having access to the side of the field. Since most of the games are evening games, they’ll mostly be low light, which will make it a bit more challenging. Should be interesting to learn the timing and where to focus the camera. I’ve done track and basketball and should be able to translate some of that timing to this.