GCN INSIDER: Good code, secure code; Security compliance in action; No Flash in the pan

Good code, secure code

Interesting pair of briefings early last month. In the dining room of Washington's Hay-Adams Hotel, Dale Fuller, CEO of Borland Software Corp., mapped out for a GCN editor (literally, in great detail, on ruled paper), the need for better software development processes in government.
Trotting out as an example the FBI's disastrous Virtual Case File system may have been easy pickings, but Fuller's basic points were good ones. In fact, they'd be considered obvious if we weren't always confronted with government projects gone awry. In a nutshell: Do it right, minimize risk, save money.

According to Fuller, Borland's Application Lifecycle Management software has cut program design times to six months in some cases, down from more than a year. The key is a system that helps both business and IT managers effectively communicate requirements and how changes to those requirements affect a project. Fuller said the company is being pulled into more request-for-proposal cycles to help agencies better understand software design. 'Without a repeatable process,' Fuller said, 'it's hard to improve.'

A few days later, Jeff Waxman, CEO of Cloakware Corp., was on the phone talking about the company's new federal systems division. The Vienna, Va., company makes software development tools such as the Cloakware Security Suite that helps agencies and contractors protect applications from tampering or reverse-engineering. Waxman said this type of application-level security can be engineered during development or bolted on later. Code is effectively scrambled, or otherwise 'obfuscated,' Waxman said, so it's useless to hackers. Depending on the criticality of the program, more or less of the code is protected, but only a fraction needs to be protected to keep the software safe.

Security compliance in action

Further evidence that security information management and compliance go hand in hand is a new release from netForensics Inc. of Edison, N.J. The company's nFX Open Security combines SIM functionality, risk analysis and compliance reporting in one package. According to Eddie Schwartz, netForensics' senior architect, the new software takes a unique slant on compliance by expressing it in numerical scores, making it easier for network administrators and security officers to comprehend their security postures. It comes with reports for FISMA compliance and others.

Schwartz said the program's underlying correlation engine can now handle twice the throughput of event checks as previous versions to maintain and fine-tune security rules under extreme loads, such as network attacks. Notably, netForensics made a strategic decision to tightly integrate its product with HP OpenView to allow data to easily flow back and forth, although Schwartz said nFX Open Security can be set up to work with other network management tools.

No Flash in the pan

Java is a platform. Microsoft .NET is a platform. Both allow disparate computing systems to share data.

But is Macromedia Flash a platform? The company's CEO Stephen Elop introduced it that way last month during a GCN-sponsored event for government users. It was the first time officials from San Francisco-based Macromedia Inc. had 'used the 'p' word' to describe Flash, Elop said.

(Macromedia is on schedule to become part of Adobe Systems Inc. of San Jose, Calif., in the fall.)

The company's chief software architect said a Flash platform would 'perfectly complement' infrastructures such as Java and .NET. In short, components of a Flash platform would be used to build more visual, interactive online applications, whether management dashboards or training programs.

The company has a new version of the ubiquitous Flash player, code-named Maelstrom, coming out later this year. Company officials said the new Flash would offer better performance, a better video codec and other presentation tweaks. Other tools that make up the newly anointed platform include Flex (app development), Breeze (online communications) and Communication Server (multimedia streaming). Agencies have used Breeze, for instance, to build collaboration platforms. The Army's 172nd Stryker Brigade Combat Team used Breeze in Iraq to share information. Elop said the FAA, NOAA and NASA are also Flash platform users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.