On Friday, 16 December, Michael Howard hosted a webinar for FedCyber on the Microsoft Security Development Lifecycle (SDL), Howard is Microsoft’s Principal Security Architect with nearly 20 years of experience in the field and literally wrote the book on SDL, a topic that keeps growing more relevant. This year, the federal government put into policy with the National Science and Technology Council’s strategic plan for federal R&D what industry has already learned – the only way to protect against modern cyber attacks is to design security into software development.

While Microsoft is recognized as the leader in their Security Development Lifecycle, SDL is non-proprietary, platform agnostic, and suitable for organizations of any size. The tools for many SDL proceses can be downloaded for free and most content is published under Creative Commons License. Simply put, SDL is a series of 16 practices to ensure that security is incorporated into every part of the software development process rather than as an afterthought. The driving philosophy ofSDL is that no amount of security technology can compensate for insecure applications, and currently 75% of attacks occur at the application layer. There is simply too much that can go wrong. Applications may contain millions of lines of code, but it only takes one line to create a fatal vulnerability. There are many other places in a computer system where security can fail, from web-based attacks such as SQL injections for which vulnerabilities are almost ubiquitous to insecure data configuration and human error by users. Fortunately, the often repeated security paradigm “a system is only as secure as the weakest link” is only partially true. Through compensating controls, a central tenet of the Security Development Lifecycle, we can both reduce vulnerabilities and decrease the severity of the vulnerabilities we missed.

The 16 practices that comprise the Security Development Lifecycle are training requirements, security requirements, quality gates/bug bars, security and privacy risk assessment, design requirements, attack surface reduction, threat modeling, use of appropriate tools, depreciating unsafe functions, static analysis, dynamic program analysis, fuzz testing, attack surface review, creating an incident response plan, a final security review, and release/archive. Specifics on all of these steps can be found here, or in more detail here. In brief, while each practice is important, training is the highest priority. Everyone in the enterprise must know something about cybersecurity. For example, every time they begin a new project, every single software engineer at Microsoft gets some training whether security is in their job title or not. SDL is a systematic way to make sure you inventory your applications for common vulnerabilities like cross-site scripting and SQL injections, inventory your engineers to make sure they have adequate security training and tools, and inventory your supply chain to make sure all steps in the creation process use secure practices. Though security can’t be perfect, SDL aims to compensate for vulnerabilities in a way that products and technology cannot.

You can find out more about SDL here, or when Michael Howard returns to deliver another webinar for FedCyber going into greater technical detail.

Related articles

• The Security Development Lifecycle (ctovision.com)
• Security Development Lifecycle Webinar with Michael Howard (ctovision.com)
• Crucial Point LLC Supports Security Development Lifecycle Webinar with Michael Howard (bobgourley.com)

You may also like -

Security Development Lifecycle Webinar with Michael HowardRegister for 16 Dec webinar on what the CIO needs to know about developing se ...Tech Review for November 2011The Security Development Lifecycle (SDL)SINET Showcase 27 October 2010Crucial Point LLC Supports Security Development Lifecycle Webinar with Michae ...CrucialPointLLCWhat the CIO and CTO need to know about developing secure codeCrucialPointLLCRegister for 16 Dec webinar on what the CIO and CTO need to know about develo ...CrucialPointLLCLearn how to get ready for the FDCCI with Bob Gourley and Carahsoft (Webinar)CrucialPointLLCWMware: The Leader in Virtulization SolutionsCrucialPointLLC

CES is the place to be this week...or is it?

Since @BobGourley won’t send me to CES, I have to constantly monitor my Twitter feed and all of the technology sites. But, we have curated what we believe are the top stories (and will keep updating) to provide you with what you need to know about CES 2012.

CES is getting smaller and less important – but that does not mean I’m going to ignore it. The absence of Apple’s real presence is (not their 250 skulking ninja scouts) means that Android devices undoubtedly are the headliners. Smartphones and tablets are the real money devices, with connected TVs as a back up story. PC manufacturers are trying to get the public excited about ultrabooks, but I don’t buy into the hype myself.

Top Stories thus far:

Asus to release 7″ Tegra 3 Android 4.0 tablet for $249

The 7" MeMO will be a big success!

The Tegra 3 chip is really an awesome performer. It makes Android in all forms run snappy, and is a great 3D game performer. The original Transformer was great, and the Prime was a huge upgrade (even Gizmodo liked it, here). The Kindle Fire has proven demand for 7″ tablets, and at $249 it will crush the Fire in capabilities and function. This will be the best small tablet, and a great starter Android device.

Asus releases ICS for Transformer Prime

The release of ICS was promised months ago by Asus, and it’s great to see them follow through. the Transformer Prime is keying up to be the iPad competitor that Google has always needed. ICS has a refined UX that is easier to use than Honeycomb or Gingerbread, and flattens the Android learning curve.

Windows 8 is around – and people like it!

Microsoft hit the ball out of the park with Windows 7. It sold better than any OS ever, and is widely acclaimed. Windows 8 is Microsoft’s attempt to bring touch to the mainstream OS – and if it is successful will be a huge benefit to the company. Despite the iPad’s dominance, I believe there is room for new devices in the tablet market – and if Microsoft can make a killer enterprise tablet, people will be scrambling to pick it up.

Windows 8 is a big step forward for Microsoft and will dictate their future in the mobile game

Intel releasing Android Smartphone

Android now supports x86 architecture, and Intel has finally released the first x86 Android device. It will be released first in China, but should follow shortly over in the US. The key will be finding the appropriate carrier. As Android is adapted for new uses, the strengths of the platform really shine.

Roku Streaming Stick

I’ve already talked about the Roku boxes in previous posts, but think the streaming stick is an even cooler capability. All you do is plug it into your MHL compatible HDMI port (which might be hard to find) and it will deliver Roku capabilities without the box at all.

So what did we miss? If you were at CES let us know – or if there’s something you think I missed please comment below.

Related articles

• Ryan’s 2012 Tech Predictions (ctolabs.com)
• A look at the Tech of 2011 – Mobile and Gadgets (ctovision.com)
• Google TV – You should buy it, just not yet… (bobgourley.com)

You may also like -

A Look Back At Technology Predictions From Last YearMicrosoft Focuses Big Data Efforts on HadoopMounting a vigorous defense in depthRyan's 2012 Tech PredictionsDefending Against Stuxnet Type ThreatsWhat you’re missing at CES 2012CrucialPointLLCGovernments Missing Out On Virtualization SavingsCrucialPointLLCRyan’s 2012 Tech PredictionsBob GourleyConfiguring Your Enterprise Hardware to NIST StandardsCTOvision.comA look at the Tech of 2011 – Mobile and GadgetsCrucialPointLLC

The two biggest stories of the year were the iPhone 4S and the Samsung Galaxy Nexus

2011 Was definitely the year of mobile and gadget explosion. Our favorite devices became more capable, widespread and cheaper than ever. WiMax fell by the wayside as LTE and HSPDA+ protocols replaced them – the latter just a placeholder until LTE networks could be rolled out. We got some awesome new tablets, some great updates to our favorite mobile OS’s and killer new smartphones. We found that cable cutting is possible — just not if you’re a sports junkie (yet). Keep reading for our summation of 2011 in Mobile and Gadgets.

The Year in Short:

• Apple released their iPad 2, iPhone 4S and iOS 5.
• Google/Android released versions 3.x (for tablets) 4.x for all and the Nexus S and Galaxy Nexus smartphones.
• Microsoft released Windows Phone 7.5 (Mango) yet still does not have a flagship device in NA.
• HP/Palm drops WebOS development, TouchPad firesale creates more development than anything HP every did
• RIM BlackBerry PlayBook released, is horribly crippled and costs RIM upward of $300M (might even cost the jobs of the Co-CEOs).

Apple and Google Win 2011 – to no one’s surprise

The Mobile/Gadget World was utterly dominated by Android and iOS in 2011. At the end of the day, the two operating systems captured over 70% of the US smartphone marketshare. They have marginalized the once great RIM, while Microsoft is struggling just to stay even remotely relevant. The battle between Android and iOS is one of differing approaches to the same problem. Apple has integrated fully in the supply chain, controlling and curating the entire platform. Apple makes large profits on handsets, service, as well as app sales (30% share of every sale).  Google is making their money through ad sales and services, as well a portion of application sales. At the end of the day, Apple is making more money off of smartphones and tablets – while Google has greater influence. Microsoft needs a huge 2012 to remain relevant – and they have the capabilities to do that.

Android and iOS are the only mobile operating systems that mattered in 2012

Both Apple and Google have had some stumbles in the past year. However, these stumbles have created stronger offerings. Android’s Tablet offerings – the 3.x (Honeycomb version) of the operating system was not well received. However, the recently released Ice Cream Sandwich (Android 4.x) and the Galaxy Nexus have given Android the true flagship device they have always needed. Apple’s iPhone 4S was not what the pundits (nor the consumers) desired. It was just another incremental upgrade – but their iOS 5 brought many features (just look at @dbehr24’s post) that were necessary and improved the experience. With Android 4.x and iOS 5, we have two mature, developed operating systems for mobile devices and tablets, and should provide excellent competition in the near future. I do believe that there is room for another contender – if it is done right.

Tablets had a strong showing in 2011, which will continue in 2012

The iPad 2 was the tablet winner, but the Kindle Fire surprised everyone

Tablets have been a secondary story in 2011. The iPad 2 sold like gangbusters, around 12M units a quarter. Apple is still selling some original iPads as well. Android was released for tablets early this year – but still has yet to be widely adopted. The Amazon Kindle Fire has outperformed any and all expectations, with over 4M in sales since it was released (around Thanksgiving). The success of the Kindle Fire has been attributed to both the cost ($199) and the Amazon ecosystem. But in my opinion it is more than just one or the other – but a mix of both, plus the great form factor that is a 7” tablet. The rush for bargain touchpads underscores the consumer demand for a tablet – yet the price points have not met with consumer expectations. India is rolling out their $50 budget tablet now – and I imagine we’ll continue to see the $200-$300 price point to continue to be the sweet spot.

This year, gadgets and mobile were undeniably inextricably entwined. I do not believe that this will necessarily stop. The Android OS is widely available for installation on a vast amount of gadgets, from set top boxes to PMPs. It is used on the majority of smartphones and tablets worldwide (just not the best-selling). Apple made a big move by releasing the iPhone 4S on every single carrier at the same time – Google needs to follow in their footsteps with further Google Experience Devices. While the Galaxy Nexus launch was a success, it was mitigated by infighting and other issues with Verizon. Google has to fight to keep their gadgets in stock – and allow OEMs to ship launchers that can be easily ignored (or changed). So long as OEMs insist that their “special sauce” increases the usability, Android (Google) will lag behind Apple.

The "Beta" gives me a warm and fuzzy for old Google products

Disruptive Actors of 2011

2011 did have some disruptive actors. Most notably is Republic Wireless, (blog here). They offer unlimited mobile data, text and voice with a commitment to using Wi-Fi for only $20 a month. The service piggybacks Sprint’s network, which cannot be the only network they use. Cable cutting is another disruptive capability; one that removes the monopoly of cable and satellite providers. Apple, Roku, Boxee, and Google TV are among the products that enable cable cutting. As Android is better adopted for the big screen (it already looks great), cable cutting will become more widespread.

Related articles

• Which Technology Team Will You Be On? (ctovision.com)
• Now that ICS is here, don’t buy an Android that’s not the Galaxy Nexus (bobgourley.com)
• Google’s Currents is what Reader should have been (ctovision.com)

You may also like -

Now that ICS is here, don't buy an Android that's not the Galaxy NexusApple has $46B Quarter - But what does it mean?A Look Back At Technology Predictions From Last YearWhat you're missing at CES 2012All Hail the Galaxy NexusA look at the Tech of 2011 – Mobile and GadgetsBob GourleyNow that ICS is here, don’t buy an Android that’s not the Galaxy NexusCrucialPointLLCOne Month Later, the Galaxy Nexus is still the phone to beatCrucialPointLLCApple has $46B Quarter – But what does it mean?CrucialPointLLCRecent study finds Apple iOS more crash-prone than AndroidCrucialPointLLC

A very interesting (OK, it was pretty cool) vulnerability in the TCP stack of Windows Vista and above (including 32-bit and 64-bit versions and Windows Server 2008) was recently announced and patched. This vulnerability is of particular note not just because of the wide range of products that it affected, but because of how the vulnerability worked.

The issue resides in a reference counter, which overflows and causes some erratic system behavior which could (in some cases) result in remote code execution. The kicker? This vulnerability can be run on any closed UDP port. That’s right, a vulnerability that affects a closed port. The Windows firewall doesn’t work against this because it’s a vulnerability in the way that the driver tracks number of packets. In order to trigger the vulnerability, an attacker sends 2^32 packets to the target. The attacker will most likely this more than once, since code execution is just one of four execution paths that can occur.  2^32 packets translates about 4 billion packets, which would mean more than 4 gigabytes of traffic.

Related articles

• Hackers exploit Adobe Reader zero-day, may be targeting defense contractors (bobgourley.com)
• What You Need to Know About Duqu (ctolabs.com)
• Security Theater: USB Everythings (ctovision.com)

On Friday, December 16th, 2011, FedCyber.com will host a webinar featuring one of the great champions of secure code, Mr. Michael Howard.

For more information and to register for this event see:

https://www3.gotomeeting.com/register/551297622

More on the webinar: 

FedCyber.com is pleased to announce a special opportunity to interact with Mr. Michael Howard, author of the Security Development Lifecycle process improvements and lead security researcher and architect at Microsoft. Michael Howard is a principal security architect at Microsoft, focusing on secure design, programming, and testing techniques. He works with thousands of people both inside and outside the company each year to help them improve security and privacy within their software. Howard is an editor of IEEE Security & Privacy, a frequent speaker at security-related conferences and he regularly publishes articles on secure coding and design, Howard is the co-author of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle, Writing Secure Code for Windows Vista and his most recent release 24 Deadly Sins of Software Security. He has worked on Microsoft Windows security since 1992.

In this 30 minute executive level session Michael Howard will provide an overview of the Security Development Lifecycle, focused on what federal CIOs should know about this methodology. Participants will learn how SDL minimizes security-related code defects and how this methodology can be applied to any development process.
Webinar Title: Security Development Lifecycle webinar with Michael Howard
Date: Friday, December 16, 2011
Time: 2:00 PM – 3:00 PM EST

Register at: https://www3.gotomeeting.com/register/551297622

After registering you will receive a confirmation email containing information about joining the Webinar.
System Requirements
PC-based attendees
Required: Windows® 7, Vista, XP or 2003 Server
Macintosh®-based attendees
Required: Mac OS® X 10.5 or newer

You may also like -

Security Development Lifecycle Webinar with Michael HowardTech Review for November 2011FedCyber Webinar: The Security Development LifecycleAnnouncing FedCyber.com: A resource for firms with cybersecurity solutions fo ...DoDIIS Conference Agenda PublishedRegister for 16 Dec webinar on what the CIO needs to know about developing se ...CrucialPointLLCCrucial Point LLC Supports Security Development Lifecycle Webinar with Michae ...CrucialPointLLCWhat the CIO and CTO need to know about developing secure codeCrucialPointLLCRegister for 16 Dec webinar on what the CIO and CTO need to know about develo ...CrucialPointLLCThe Evolving Enterprise Threat EnvironmentCrucialPointLLC

Editor’s note: This post by Derek Singleton of Software Advice reviews more extensive work at: Enterprise Software History, Part 2: Minicomputers to the PC.

A while back, I kicked off a series recounting the history of ERP software. In my first post I covered the time spanning from punched cards to the mainframe. If you’ll remember, the unveiling of UNIVAC I gave birth to the “big iron” industry and the spread of mainframe computers that took up an entire room and team of operators to control. While the spread of mainframes constituted great technological innovation, the prohibitive financial and labor investment of the mainframe left computing capabilities largely in the hands of the enterprise. For the next part in my series, I’d like to cover a bit of the history of how we shifted from the mainframe to the PC.

In the late 1960′s and early 1970′s the dominance of mainframes and supercomputers started to give way to the minicomputer. The minicomputer served as a bridge between the hulking mainframes and the personal computers that would come to revolutionize the enterprise. As hardware capabilities expanded, so too did enterprise software capabilties. ERP software vendors began to develop more complex applications and move from manufacturing applications such as mrp system software to more general applications like accounting.

Thanks to the development of integrated circuits and core memory technologies, computers began to occupy a much smaller footprint. Around this time, the origins of modern operating systems – such as BASIC and Unix – were beginning to take shape and thereby laying the foundation of what would spur widespread microprocessor application in the PC.

In 1975, Bill Gates and Paul Allen developed BASIC software for the MITS Altair 8800, one of the first PCs and surely the first affordable computer. From there, Gates and Allen started Microsoft and launched a series of innovations that totally transformed computing by democratizing access to computer technology. Suddenly enterprise software became accessible to more than just a few engineers. With the introduction of the PC, the enterprise was transformed by the acceleration of enterprise software adoption.

Of course the innovations and myriad actors that played a part in the PC revolution are too many to count and are too lengthy to detail here. To provide a summary of the innovations of this time period, I put together an infographic that to help tell the story.

If you’re interested in reading a more detailed version of this history, please visit Enterprise Software History, Part 2: Minicomputers to the PC.

Related articles

• A Chronicle of Enterprise Software History (ctolabs.com)
• How Apple is Impacting Enterprise Software Development (ctovision.com)
• The PC is Changing Before Our Eyes (bobgourley.com)

On Friday, December 16th, 2011, FedCyber.com will host a webinar featuring one of the great champions of secure code, Mr. Michael Howard.

For more information and to register for this event see:

https://www3.gotomeeting.com/register/551297622

More on the webinar: 

FedCyber.com is pleased to announce a special opportunity to interact with Mr. Michael Howard, author of the Security Development Lifecycle process improvements and lead security researcher and architect at Microsoft. Michael Howard is a principal security architect at Microsoft, focusing on secure design, programming, and testing techniques. He works with thousands of people both inside and outside the company each year to help them improve security and privacy within their software. Howard is an editor of IEEE Security & Privacy, a frequent speaker at security-related conferences and he regularly publishes articles on secure coding and design, Howard is the co-author of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle, Writing Secure Code for Windows Vista and his most recent release 24 Deadly Sins of Software Security. He has worked on Microsoft Windows security since 1992.

In this 30 minute executive level session Michael Howard will provide an overview of the Security Development Lifecycle, focused on what federal CIOs should know about this methodology. Participants will learn how SDL minimizes security-related code defects and how this methodology can be applied to any development process.
Webinar Title: Security Development Lifecycle webinar with Michael Howard
Date: Friday, December 16, 2011
Time: 2:00 PM – 3:00 PM EST

Register at: https://www3.gotomeeting.com/register/551297622

After registering you will receive a confirmation email containing information about joining the Webinar.
System Requirements
PC-based attendees
Required: Windows® 7, Vista, XP or 2003 Server
Macintosh®-based attendees
Required: Mac OS® X 10.5 or newer

You may also like -

Security Development Lifecycle Webinar with Michael HowardRegister for 16 Dec webinar on what the CIO needs to know about developing se ...Yesterday's Security Doesn't Work for Today's ThreatsThe Evolving Enterprise Threat EnvironmentNote to CIOs: Your organization will never be 100% secureFedCyber Webinar: The Security Development LifecycleCrucialPointLLCRegister for 16 Dec webinar on what the CIO and CTO need to know about develo ...CrucialPointLLCWhat the CIO and CTO need to know about developing secure codeCrucialPointLLCCrucial Point LLC Supports Security Development Lifecycle Webinar with Michae ...CrucialPointLLCNew Enterprise CIO Forum Blog Talk RadioCrucialPointLLC

Open source software has historically had a hard time competing with its big budget proprietary rivals but, as Bob Gourley explains in an interview with Federal Computer Week, “Hadoop is totally unique in many ways.”

Hadoop, and a handful of open-source tools that complement it, has no equal when it comes to making gigantic and diverse datasets easily available for quick analysis using clusters of inexpensive computers, Gourley said. The oddly named software is already considered mission-critical at Web giants such as Facebook, Twitter, Yahoo and many others for marketing chores, personalizing Web pages and detecting junk mail.

Nevertheless, agency IT officials still need to weigh their options carefully because Hadoop, like most open-source tools, can require a significantly bigger commitment of skills and involvement from its users than most commercial products demand.

Hadoop’s roots go back to 2004, when Google published a paper on a parallel processing technique it had developed to juice its Web operations, called MapReduce. Those ideas inspired Doug Cutting to create the Java-based Hadoop, which he named after his son’s toy elephant.

There is no proprietary match for Hadoop in the realm of Big Data analysis across clusters of commodity computers. Many have tried to field in-house designed or proprietary solutions for this type of work, but so far there seems to be just one closed/proprietary system for this approach, and that is the pre-Hadoop methods of Google. Microsoft recently  abandoned work on its Hadoop alternative to focus on integrating the open source software with its server and cloud platforms. Already, Hadoop is competing with and beating commercial software at solving Big Data problems and is critical to private companies like Twitter, Facebook, and Yahoo, as well as to federal agencies such as the NSA, which adopted Hadoop two years ago to store, share, and analyze massive amounts of unstructured data.

The Federal Computer Week articles also covered many other aspects of Hadoop and Big Data.

The National Security Agency started using Hadoop two years ago for a massive, nationwide system for sharing and analyzing data. The system also houses unstructured text, large files and other forms of intelligence with unprecedented scalability, reported J. Nicholas Hoover for InformationWeek.

“The object is to do things that were essentially impossible before,” said Randy Garrett, director of technology at NSA’s integrated intelligence program, at a symposium at the time.

The NSA is using Hadoop to do what it had previously thought impossible, and it is not alone within government. As the Government Big Data Solutions Award highlighted at this year’s Hadoop World, numerous innovators and agencies are leveraging the open-source software to provide taxpayers with better and more agile service. The winner of the award, the General Services Administration’s USASearch, uses Hadoop and Hive to go from utilizing only the most essential data to storing and analyzing anything that might be useful for its 550 government agency clients.

Using Hadoop with the Hive open-source data warehousing software fundamentally changed how the system designers thought about data, said Ammie Farraj-Feijoo, GSA’s program manager for USASearch.

“Freed from the constant anxiety of wondering how we were going to handle an ever-increasing amount of data, we shifted from trying to store only what we really needed to storing whatever we thought might be useful,” wrote Loren Siebert, an independent software developer and technical lead for the USASearch program, in a blog entry describing the project.

But as with all open-source software, Hadoop comes with some challenges. Assembling a Hadoop stack then installing, configuring, and using the software on your own is a hands-on, complicated process. Users must also program applications to perform analysis on their own. That’s why companies such as Cloudera offer distributions of Apache Hadoop, support, and applications to fascilitate enterprise-grade deployments.

Related articles

• CTOlabs.com Assessment on “What You Need To Know About Hadoop” (ctolabs.com)
• Microsoft Focuses Big Data Efforts on Hadoop (bobgourley.com)
• GSA USASearch Wins 2011 Government Big Data Solutions Award (bobgourley.com)

You may also like -

Big Data is All the Rage. Why?Tech Review for November 2011Hadoop World Breakout Sessions 8 and 9 Nov: Recommendations for the enterpris ...Big Data Success in GovernmentMicrosoft Focuses Big Data Efforts on HadoopBig Data Tip For The New Project Manager: Starting With Apache HadoopCrucialPointLLCWashington DC Area Hadoop Users Group (HUG)Bob GourleyCome to the DC Hadoop Users Group meeting 25 Jan!!Bob GourleyCloudera Day in DCCrucialPointLLCJoin Cloudera and Carahsoft for Big Data Success in GovernmentBob Gourley

On Friday, December 16th, 2011, FedCyber.com will host a webinar featuring one of the great champions of secure code, Mr. Michael Howard.

For more information and to register for this event see:

https://www3.gotomeeting.com/register/551297622

More on the webinar: 

FedCyber.com is pleased to announce a special opportunity to interact with Mr. Michael Howard, author of the Security Development Lifecycle process improvements and lead security researcher and architect at Microsoft. Michael Howard is a principal security architect at Microsoft, focusing on secure design, programming, and testing techniques. He works with thousands of people both inside and outside the company each year to help them improve security and privacy within their software. Howard is an editor of IEEE Security & Privacy, a frequent speaker at security-related conferences and he regularly publishes articles on secure coding and design, Howard is the co-author of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle, Writing Secure Code for Windows Vista and his most recent release 24 Deadly Sins of Software Security. He has worked on Microsoft Windows security since 1992.

In this 30 minute executive level session Michael Howard will provide an overview of the Security Development Lifecycle, focused on what federal CIOs should know about this methodology. Participants will learn how SDL minimizes security-related code defects and how this methodology can be applied to any development process.
Webinar Title: Security Development Lifecycle webinar with Michael Howard
Date: Friday, December 16, 2011
Time: 2:00 PM – 3:00 PM EST

Register at: https://www3.gotomeeting.com/register/551297622

After registering you will receive a confirmation email containing information about joining the Webinar.
System Requirements
PC-based attendees
Required: Windows® 7, Vista, XP or 2003 Server
Macintosh®-based attendees
Required: Mac OS® X 10.5 or newer

You may also like -

Register for 16 Dec webinar on what the CIO needs to know about developing se ...FedCyber Webinar: The Security Development LifecycleTech Review for November 2011The Security Development Lifecycle (SDL)Announcing FedCyber.com: A resource for firms with cybersecurity solutions fo ...Crucial Point LLC Supports Security Development Lifecycle Webinar with Michae ...CrucialPointLLCWhat the CIO and CTO need to know about developing secure codeCrucialPointLLCRegister for 16 Dec webinar on what the CIO and CTO need to know about develo ...CrucialPointLLCLearn how to get ready for the FDCCI with Bob Gourley and Carahsoft (Webinar)CrucialPointLLCPresident Mentions Cyber-Threats in State of the Union AddressCrucialPointLLC

Microsoft has shown once again that it can act decisively and smartly improve its offerings in doing so. It has “disrupted” itself in a way that will be positive for the community and probably the Microsoft bottom line.

In a November 11 blog post, Microsoft announced that it would not be moving forward with a production release of LINQ to HPC, something that was an alternative distributed Big Data platform. Codenamed Dryad, LINQ to HPC would have been Microsoft’s proprietary alternative to Hadoop, designed to run Big Data jobs on clusters of Windows servers. Instead, they are focusing their efforts on developing Hadoop distributions for Windows Servers and Azure, a platform for building, hosting, and scaling applications in Microsoft datacenters.

The Microsoft post read in part:

Hadoop has emerged as a great platform for analyzing unstructured data or large volumes of data at low cost, which aligns well with Microsoft’s vision for its Information Platform.  It also has a vibrant community of users and developers eager to innovate on this platform.  Microsoft is keen to not only contribute to this vibrant community, but also help its adoption in the Enterprise.  We expect a preview version on Windows Azure available by end of the calendar year.

In the post, Microsoft said that it chose to stick with Hadoop because of its proven low cost, high performance, and vibrant community. Microsoft’s Hadoop stacks will be open sourced through the Apache Software Foundation like the original code and will work with Microsoft’s business-intelligence tools such as Excel, PowerPivot, and PowerView. With its contributions, Microsoft hopes to broaden Hadoop’s adoption in the enterprise by simplifying the downloading, installation, and configuration of members of the Hadoop ecosystem including HDFS, Hive, and Pig. Microsoft also plans to enable users to write MapReduce jobs in Javascript. Expect a test build of Hadoop for Windows Azure by the end of the year and one for Windows Server in early 2012.

Related articles

• Microsoft Ditches Dryad, Focuses On Hadoop (informationweek.com)
• Microsoft Kills Own Big Data Project In Favor of Open Source (wired.com)

You may also like -

Hadoop is an Open Source Revolution: Federal Computer Week InterviewBig Data is All the Rage. Why?Hadoop World Breakout Sessions 8 and 9 Nov: Recommendations for the enterpris ...Data Wizards Know Hadoop is Powerful: But they want more automationFrom the Apache Software Foundation Blog: The Apache Software Foundation Anno ...Splunk is Going PublicCrucialPointLLCIf You Use Hadoop You Have Been Waiting For This: Cloudera Enterprise 3.7CrucialPointLLCBig Data Tip For The New Project Manager: Starting With Apache HadoopCrucialPointLLCWashington DC Area Hadoop Users Group (HUG)Bob GourleyThe Future of Hadoop in BioinformaticsCTOvision.com