Articles Page

MyTechieBits

08.30.2019

RoseCheckers for CERT Secure Coding Standards for C and C++ checks

Rosecheckers is a static analysis tool for C/C++ source code. Specifically, it applies the CERT Secure Coding Standards for C and C++ checks. In general, relative to cppcheck or "gcc -Wall" it…
07.26.2019

Documenting Code

There are 2 types of documentation: describes the code - aimed at a developer of that code e.g. an API document describes how to use that code - e.g. a HowTo Per linux/openssl guide, documents should…
07.19.2019

Principles and Patterns For Secure Software

Principles provide the high level guidelines for a system. Patterns can be applied to implement these principles and allow use of known good solutions for common problems. Principles Some of the…
07.18.2019

Software Documentation

Doxygen can be used to create software documentation using many input (and output) formats. Here we use it to combine doxygen tags that describe function parameters, a PlantUML diagram, and Markdown in…
06.22.2019

PlantUML Open Security Architecture Icons

Open Security Architecture (OSA) is an excellent resource for security architects providing a catalog of controls, patterns, and requirements from numerous standards, governance frameworks…
06.21.2019

PlantUML

PlantUML can be used to create several UML diagram types from a simple text file description. It can run from command line, editor (e.g. VSCode plugin), browser (e.g. Chrome browser) or online…
06.17.2019

ARC42 Architecture

Arc42 is a template for architecture communication and documentation. "Arc" is for Architecture, and "42" is based on the book "The Hitchhiker's Guide to the Galaxy", by Douglas Adams, where "42" is the…
06.15.2019

C4 Architecture

“Big design up front is dumb, but doing no design up front is even dumber.” Dave Thomas The C4 Model is a lightweight software architecture description method. It consists of a set of 4 diagrams…
05.18.2019

Attack Tree Threat Modelling

Attack trees provide a methodical way of describing the security of systems, based on varying known attacks. Basically, you represent attacks against a system in a tree structure, with the goal as the…
04.12.2019

Software Assurance

Software assurance (SwA) is defined as "the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during…
04.09.2019

DevSecOps Thoughts from the Trenches

Dev(Sec)Ops Thoughts from the Trenches Presentation This presentation is a tour of a Dev(Sec)Ops factory, highlighting some key points about each part. It emphasises The end goal: Delivering Value…
03.17.2019

SONAR Source Code Quality Dashboard

Sonar is an open source platform to manage source code quality: Main objective: make code quality management accessible to everyone with minimal effort with a dashboard view and quality gates. It…
02.18.2019

Definition of Ready, Done, Acceptance Criteria

Deliver Value An organisation delivers value to the customer through a timely efficient solution value : we deliver customer value - not hardware - not software - and not the things that have no value…
01.18.2019

Value Stream Mapping

Reduce Time to Market with Value Stream Mapping The value stream is the most important organizational construct in SAFe. “Taking a systems view of value delivery" means understanding all the steps…
10.18.2018

Trello BookShelf

Trello has many uses - including as a virtual bookshelf organised by the value it delivers to you. Organize books by value to you the area you want to learn about the value of each book in that area…
10.13.2018

Deliver Value - Filter - Focus - Flow

Value Stream "Your mental energy is your most valuable asset" so we need to spend it wisely (The Science of Intelligent Achievement: How Smart People Focus, Create and Grow Their Way to Success) Don…
04.15.2018

Jira queries

JIRA queries unleash the full power of JIRA. Below is a living list of some useful queries. Find Issues That I Updated Recently Find Only Open Issues That I Updated Recently Find all issues in a user…
01.01.2018

Static Site Generation - again

Decades ago (before PHP), I maintained a photo gallery website of personal images. The content was static i.e. no database or javascript. I wrote some Perl scripts to resize the images (main and…