http://www.artima.com/weblogs/index.jsp?blogger=yo Artima Weblogs is a community of bloggers posting on a wide range of topics of interest to software developers. http://www.artima.com/images/artima88x33.gif http://www.artima.com/ http://www.artima.com/weblogs/viewpost.jsp?thread=200967 At last week's SPA conference, Paul Dyson and I ran a workshop on planning non-functional requirements in agile projects. Here is a personal account. http://www.artima.com/weblogs/viewpost.jsp?thread=162577 Not by angry customers suing for damages after security breaches, or by governments breaking up monopolies, but by open source developers and security professionals accusing them of being obsessed by security. http://www.artima.com/weblogs/viewpost.jsp?thread=159492 The ICT security community is suspicious of agile processes. "They do not produce formal documentation" is an often-heard complaint. Agile developers, on the other hand, blithely ignore security concerns. http://www.artima.com/weblogs/viewpost.jsp?thread=113306 Agile iteration planning has traditionally maximized business value based exclusively on user stories. However, implementing a user story increases the attack surface of a system and consequently the risk of abuse. The cost of absorbing such risk is often not taken into account. Abuser stories redress the balance. http://www.artima.com/weblogs/viewpost.jsp?thread=96577 Security is a blind spot in application development. http://www.artima.com/weblogs/viewpost.jsp?thread=85791 Security professionals have long regarded agile development processes with suspicion, in spite of their reputation for improving software quality. I report on a panel discussion at JavaPolis confronting agile processes with security engineering. http://www.artima.com/weblogs/viewpost.jsp?thread=85559 Eamonn McManus beat me to blogging about JavaPolis on Artima. I add a little sprinkling of Trust and Sex. http://www.artima.com/weblogs/viewpost.jsp?thread=65714 How do you get rid of a mainframe? Don't let it become a monster that feeds off your fears. http://www.artima.com/weblogs/viewpost.jsp?thread=36425 JavaScript is not as innocuous as some would like to believe. http://www.artima.com/weblogs/viewpost.jsp?thread=35921 XSS has been around for a long time, but the current appetite for weblogs opens up new opportunities for attackers. http://www.artima.com/weblogs/viewpost.jsp?thread=24463 The plot summarized and deconstructed. http://www.artima.com/weblogs/viewpost.jsp?thread=20669 A trailer for the security track at JavaPolis featuring O.S. security semantics in language-based systems, JAAS and auditing.