I lean on the OWASP list heavily. http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

This analysis is handy also: http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdf

The point is that most of the vulnerabilities are pretty clear.

1. Injection flaws: SQL, OS, and LDAP injection. Pretty clear that building SQL …

Years ago (6? 7?) I did some data profiling in Python.

This required reading COBOL files with Python code.

Superficially, this is not really very hard.

1. Python slice syntax will pick fields on of the record. For example: data[12:14].

#. Python codecs will convert from EBCDIC to Unicode without …

News Flash: Multi-core programming is "hard". EVERYBODY PANIC.

ZOMFG: We either need new tools, new languages or both! Right Now!

Here's one example. You can find others. "Taming the Multicore Beast":

The next piece is application software, and most of the code that has been written in the past has …

About a decade ago, I discovered the concept of Literate Programming. It's seductive. The idea is to write elegant documentation that embeds the actual working code.

For tricky, complex, high-visibility components, a literate programming approach can give people confidence that the software actually works as advertised.

I actually wrote my …

In reflecting on Architecture, I realized that there are some profound differences between "real" architecture and software architecture.

One of the biggest differences is design.

In the earliest days, software was built by very small groups of very bright people. Alan Turing, Brian Kernighan, Dennis Ritchie, Steve Bourne, Ken Thompson …

Got a nice email about architecture -- but the wrong kind.

It was about physical structures, not software.

It is a "bucket-list" of buildings one simply must see. 100 Amazing Buildings Every Architecture Buff Should See. A cool list to have handy.

I know bupkes about buildings. I've lived in them …

XKCD - http://xkcd.com/710/

http://en.wikipedia.org/wiki/Collatz_conjecture#Syracuse_function

I remember learning about this as an undergrad at Syracuse University in the 70's and didn't think much of it. It was just "one of those things" that I heard about, and perhaps wrote a homework assignment in …

Transaction design seems to be really hard for some people. The transactions they build seem to based on some crazy assumptions. The problem is that benchmarking is hard because you have to build enough stuff to get a meaningful benchmark. Everyone thinks your done when really, all you did was …

Common Complaint: "This was the nth time that someone was up in arms that [X] was broken ... PL/SQL that ... has one function that is over 1,500 lines of [code]."

Not a good solution: "Find someway to measure "yucky code"."

Continuing down a path of relatively low value, the …

Check this SD Times article out: Future of data analysis lies in tools for humans, not automatic systems.

"Andreas Weigend... said that “data is only worth as much as the decisions made based on that data."

This is the entire point of IT: IT Systems Support Decision-Making. The job is …