Author Archives: G Wade Johnson

Types of Risk Assessment

When developing software, there are many different dimensions of risk you might consider. There is an enormous amount of information available on Risk Assessment, consider this to just quickly skimming over the topic. Depending on your understanding of risk (or your paranoia), trying to assess risk can be a difficult task. There are several approaches… Read More »

Managing Risk in Production Code

Any project or software includes potential risks. Will it do the job or fail? Will it leak user information? Will it serve as a springboard for attacking other systems? When you realize the need to learn how risky your software is, there are a number of approaches to assessing that risk. If a piece of… Read More »

Secure Development: Threat Models

There are numerous issues that you need to consider when developing almost any software. If you are working on software that connects to a network in any way, security is yet another thing that you need to consider. To introduce this series on Designing Secure software, I’m going to talk about something that normally gets… Read More »

BPGB: (Dis-)Integration Branches

This is another post in my intermittent series of Best Practices Gone Bad (BPGB) Today, we are going to take another side-step into version control. Most development groups use version control of some form. Whether you prefer Subversion, Git, Mercurial, Bazaar, Clear Case, or any of the many others, version control is an important technique… Read More »

LCDC: Different Audiences Have Different Needs

In the last few posts, beginning with The Myth of Code Anyone Can Read, I’ve focused on what you can expect from your programmers in general. Of course, generalizing is what got us into this discussion in the first place, so let’s spend a little time not generalizing. When teaching new programmers, I always tell… Read More »