Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I'm very interested in learning about cryptography, steganography, and similar practices.
What books, resources, would you guys recommend in this area?
seminal crypto book
http://www.schneier.com/book-applied.html
This book is very nice and gives you a general idea about cryptography and as far as I remember some it gives also some information about steganography (from the ancient times):
The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography although not an academic book.
For steganography you could check also the following two: Disappearing Cryptography, Third Edition: Information Hiding: Steganography & Watermarking or Digital Watermarking and Steganography: Fundamentals and Techniques. As you are a Java developer you may also want to take a look at the Digital Invisible Ink Toolkit.
If you want to go deep into Cryptography (for example RSA algorithm) you should read math books about number theory, abstract algebra (for an introduction to these you can check this: A Primer on Algebra and Number Theory for Computer Scientists (it's a pdf file)). Or if you want to go much deeper you should read about elliptic curve cryptography.
About hacking you may want to take a look at this one: Hacking: The Art of Exploitation.
This book The Art of Deception: Controlling the Human Element of Security is also nice to read in order to learn social engineering techniques.
For learning hacking, i would suggest The art of Exploitation by John Ericson, Grey Hat hacking, Network Security and cryptography by William Stalling and even better playing online wargames (security challanges).
Good luck
In addition to the Schneier book already mentioned, I recommend Beginning Cryptography With Java.
I would suggest, in order to integrate your books with a different media, this online course: https://www.coursera.org/course/crypto
It's very well done, it offers both theoretical and practical sessions.
The Coursera crypto course is a good introduction to cryptography. As far as practical resources go I would suggest:
Over the wire - practical security challenges from basic configuration issues to exploit dev.
SmashTheStack - lots more practical security challenges.
Corelan tutorials - tutorials on exploit development
DEF CON - Defcon is a famous security conference that also has a reasonable reading list and a lot of videos from their conferences.
In my development experience I have found it useful to have a go at some of these things to really improve my secure software development. There are also capture the flag events that are events designed to educate and test security knowledge and deep knowledge of systems. Some of them include:
DEF CON - probably the biggest and toughest of them all
Ghost in the Shellcode - hosted at Shmoocon
Plaid CTF - run by team from Carnegie Mellon University
CSAW - run by NYU Poly
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
I have some ideas for software that can create HDR images or panoramas. I'd like to learn how to do these myself, for example how to create algorithms for image alignment, combining parts of images for HDR & tonemapping, etc. (Preferably in C/Obj-C, though the concepts will apply to any language.) Where are the best places to learn about these things, and what might be some simple projects I could start with?
I'm near the fabulous Powell's Technical Bookstore, so I can easily take a trip there — if you have any specific recommendations for books I'd love to hear them.
This is probably way too late to help, but for anyone else out there hoping to start more or less from scratch learning about Panoramas and/or HDR imaging, I'd recommend starting by reading Richard Szeliski's excellent Panorama Tutorial. He's one of the leading names in Panoramic imaging research, and that tutorial gives a thorough overview of all aspects, from image formation basics to registration (bringing disparate images into a commong coordinate system), blending, ghost removal, etc. It also covers HDR aspects of Panoramic images such as how to combine differently exposed images into a panorama. He also recently published a computer vision textbook that would probably have a lot of useful info; I know it has at least a small section on HDR imaging. Draft versions of the book are available for free on the associated website.
One algorithm for image alignment is the Scale Invariant Feature Transform (and another, perhaps more approachable reference, and Google will probably turn up many more). You might find autopano-sift-C and/or the open-source parts of libpano useful, either directly or for inspiration.
[Perhaps somebody else can/will help you with the HDR part -- I won't have anything to do with that.]
Taking an HDR class at my university, I would advice "High Dynamic Range Imaging Acquisition Display and Image Based Lighting" book for basic knowledge. It has many sections that you may find best algorithms in literature.
For alignment, I recommend you to have a look at Greg Ward's widely used "Fast, Robust Image Registration for Compositing High Dynamic Range Photographs from Handheld Exposures" paper.
For coding part, HDR Toolbox by Francesco Banterle is very helpful if you are interested in Matlab!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
Is there any website specifically for sharing and accessing actual software development processes implemented in software organizations?
There are lots of resources that give advices and descriptions for implementing these processes. They are very useful. But I think having actual example process definitions would be very useful as well. Specifically, I am now looking for an example process definition in CMMI. I overviewed several books but none of them presents any specific example implementation.
I think the authors are probably concerned that the readers might just copy these process definitions without understanding specific customization decisions in them. They are very rightful in this concern. But anyway, I think this is an important need for general software community. Understanding and interpreting an example document properly should be the responsibility of the reader.
If you don't know any good resource that shares specific implementations of the processes, what do you think about this need? Don't you think that we, software engineers and developers, should share our process definitions as we share our code?
There is a good wikipedia article with a lot of resources. Also searching for "UCM Workflows" on IBM Rational web would lead to good examples, I'd rather not deep link into their page. The question is how far into detail you want to go into the process. Most resources available will only give you a rough overview of basic development processes.
What you mean by examples is probably going into the details of specific implementation of such development process. For larger and established software development companies their development process will most likely not be readily reusable, because it will involve many custom made tools and configurations and the process itself could be in some cases considered proprietary, giving the company a competitive edge over others. Going into details about the process could also pose a security risk, because it would reveal a lot about the company infrastructure. So I don't think you would find much in form of examples from successful software development companies and what you find is either too general or written by theory-crafters.
This is a field of special interest for me for almost a decade now and I only ever found bits and pieces published about specific processes used by major software corporations. I would certainly welcome a forum to share experience with other professionals in this field.
Try looking at EPFC - Eclipse Process Composing Framework, there are some example processes, tools and best practices to develop them.
There are merits in providing some sample templates which would assist someone getting started. The limitation is that it could force the user to adopt the templates without thinking about the application.
Most methodologies adopt a 'guideline' approach with some tailoring. For example, the RUP system, promoted by Rational (now IBM) traditionally suffered from the assumption that it was only applicable to large scale projects. This prompted discussion on how RUP can be applied to a one person project. Of course it takes work and effort and if you are a small project team sometimes tailoring the methodology could overshadow the project; i.e are you trying to build a methodology or a product ?
As for samples some examples are:
Agile Unified Process - gives good examples of both process, artifacts and also commentary on the process and it's application,
Open Unified Process - again samples, artifacts and easily navigated system.
I do not know of such a "process repository". I only see general description like this one.
Note: While the CMMI implementations I have come across are quite tailored for a specific enterprise/environment, I found them truly effective when evaluated/challenged.
In that regard, the study Six Sigma and CMMI interesting, not so much as a practical example of CMM, but rather as a way to put CMM in perspective.
The OPEN Process Framework Repository Organization's web site contains an online repository with over 1,100 method components.
It doesn't contain final methods because, according to method engineering precepts, you must compose your methods from these components depending on your product, project and organisational needs.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
Jeffery Palermo says 'Classic WebForms More Mature Than ASP.NET MVC': "Is Classic WebForms More Mature Than ASP.NET MVC?".
It seems to be subjective, but what I want to know is, what exactly "mature" software is?
The answer is very subjective. But basically if the software can answer to most of these criteria (in no order of importance):
secure
reliable
actively maintained
has active community
field-proven
Then it can be considered "mature".
It is important to note that different clients would expect different levels of "maturity". A large corporation would demand that the software it uses is secure enough to protect its sensitive data, and that the software is supported by a support rep available 24/7. As opposed to a small private project of your own which you might care much less about security, and you do not need (nor can afford) a service package which includes 24/7 customer support.
So ,maturity differentiates according to the client, but the basic criteria remain the same.
Mature is when people have figured out how to deal with it.
(And we're talking about development platforms not about end-user apps, aren't we?)
For example, javascript only became mature with the introduction of prototype, jquery and the like.
Before that, people tend to code strange things they they'd regret.
So you're asking for subjective opinions on a subjective topic. :)
I would say, mature would add the following characteristic to a technology:
People know how to use it, know its possibilities and limitations
People know what the typical usage scenarios are, patterns, what are good usage scenarios for this technology so that it shows its best
People have found out how to deal with limitations/bugs, there is a community knowledge and help out there
The technology is trusted enough to be used not only by individuals but in productive commercial environment as well
Reduce Subjectivity by Developing a Measuring Tool for yourself.
My Criteria are for Business Software:
Feature Rich - handle lots of Business Rules
Flexible - Selectable Features via Parameters & Configuration
Stable - Few, if any bugs causing malfunction such as crashes
Well Documented - User and technical Documentation
User Friendly - as attested and recommended by users
Robust - Not very much fazed by events such as power failures and erroneous user input.
Installs & Runs "out of the box".
Take all the Criteria and place it in a spreadsheet with columns rating from 0 - 5 and do a rating by ticking the column corresponding to your rating of each criteria.
If overall score is 25 or better then the software is mature.
If the score is 15 to 24 then the software is average.
If below 15 then the software is immature.
Mature software has to be whatever you mean it to be. I don't think you will find an easy mechanism for measuring maturity, and everyone's definition is going to differ anyway.
It's always going to be a subjective view I'm afraid and therefore subject to a lot of argument.
I would say that mature software is stable, well documented, widely used and well tested.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I am about to go for an interview for a software testing summer job. What questions should I ask the professor about this + I have never done software testing before, any good reference material you can recommend will be appreciated.
thanks
You should be prepared to discuss a variety of testing terms, such as:
"black box" testing, "white box" testing, etc.
unit tests
functional tests
smoke tests
BVTs (Build Verification Tests)
the differences between stress testing and load testing
performance testing
globalization testing
interoperability testing
manual testing vs. automated testing (when?, why?)
api testing
security testing
regression testing
code coverage testing
(etc...)
You likely don't need experience in all of them, but you should express an awareness.
A general knowledge of the following is helpful (refer to IEEE 829 for a start):
- test plans - what should be in a good plan?
- test cases - what should be in a good test case?
- test design specifications
- incident reporting (including bug tracking)
- software specifications - what does one look for?
You should start thinking about how you would test different things. What are the base cases? Are there any boundary cases? What could be wrong with any given product or item? Think creatively...
For a few starting references on testing, I suggest looking at the following:
Cem Kamer's book on software testing
Wikipedia for some more starting points
IEEE 829 (related articles should be sufficient to get you thinking, as the full spec is good for insomniacs)
If you've never done software testing before, it would be a good idea to learn some things quickly.
I'd recommend checking out the Black Box Software Testing course, available free (without an instructor) at http://www.testingeducation.org/BBST, or in an instructor-led version that is free to members of the Association for Software Testing (http://www.associationforsoftwaretesting.org). This is a university-level course, hours and hours of video, supplementary materials, quizzes, self-tests, and pointers to other information.
James Bach and I co-author and teach a course called Rapid Software Testing (http://www.developsense.com/courses.html). The course notes for that are available for free at James' Web site, http://www.satisfice.com/rst.pdf.
I've written a lot of articles on testing for Better Software magazine. They're available free at http://www.developsense.com/publications.html.
In addition, there's a blog post for you: http://www.developsense.com/2009/02/how-can-trainee-improve-his-her-skills.html
There are several testing communities online where you can ask questions and get mentorship. http://www.softwaretestingclub.com and http://www.testrepublic.com are two of them.
Best of luck.
---Michael B.
Besides the questions you will be asked, don't forget the interview is actually a conversation. And you look much better if you ask questions yourself. So, let me say few things I'd ask if I were you :)
For me, when it comes to working as a tester, most important is communication. How well you can communicate with team members, managers, team that develops the software you test.
Do they use some kind of bug tracking system, if so, what system is it? Is it the same system the development team uses?
Does this tool cover most of communication needs, or there gonna be a lot of calls / email exchanging resulting in a total mess in discussions about issues?
Is there any automated tool used for testing? This gets you quite close to what are your responsibilities on this position, so will probably be covered in the interview anyway.
Do you get 2 monitors ;) ? (Really, getting a second display was like a huge improvement for me in tester job). Do you get the tools that make your work faster and more effective?
Terms, definitions and tools are important thing... but analytical skills, logic, communication and other skills may be more important.
Maybe It won't be a summer job, but a career.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I work in a shop that is certified at CMMI level 5. This certification is important because it gives us access to certain customers and contracts. I'm looking at how to blend Scrum with CMMI. I've found some info on mixing Scrum with CMMI-3, but quite a bit of it is "hand wavy" and wouldn't hold up to intense scrutiny. Specifically, the organizational KPAs seem challenging.
What experiences have you had (good and bad) mixing the two processes?
This seems an interesting paper by the SEI folks at Carnegie Mellon (not just about Scrum though):
CMMI and Agile are compatible. At the project level, CMMI focuses at a high level of abstraction
on what projects do, not on what development methodology is used, while Agile methods
focus on how projects develop products. Therefore, CMMI and Agile methods can co-exist
CMMI or Agile: Why not embrace both (PDF)
Here is an experience report on the results of introducing Scrum into a CMMI Level 5 environment to replace waterfall projects for large defense and healthcare contracts (pdf).
Abstract:
Projects combining agile methods with
CMMI1 are more successful in producing
higher quality software that more
effectively meets customer needs at a
faster pace. Systematic Software
Engineering works at CMMI level 5 and
uses Lean Software Development as a
driver for optimizing software
processes. Early pilot projects at
Systematic showed productivity on
Scrum teams almost twice that of
traditional teams. Other projects
demonstrated a story based test driven
approach to software development
reduced defects found during final
test by 40%. We assert that Scrum and
CMMI together bring a more powerful
combination of adaptability and
predictability than either one alone
and suggest how other companies can
combine them.
HTH,
I just happen to find a blog on this exact topic: Agile CMMI blog
A starting point for a discussion on marrying Agile methods and CMMI.
It links to several articles
Agile CMMI: No Oxymoron
Agile Programming and the CMMI: Irreconcilable Differences?
It found the whole of interest so I decided to share it here.
Another recent article providing real life experience on this topic is "Mature Scrum at Systematic", co-writtent by Carsten Ruseng Jakobsen, Jeff Sutherland
In addition to the previously mentioned documents, I found another one: Agile Methods and CMMI: Compatibility or Conflict? The emphasis of this paper is on Extreme Programming (XP) and how its methods can be applied within an organization attempting to remain compliant with the CMMI framework. Although it isn't Scrum, it might be an interesting read.
Another interesting Jeff Sutherland's paper on that subject is "Scrum and CMMI Level 5: The Magic Potion for Code Warriors"
Is is said : "Results show that projects combining Agile Methods with CMMI 5 are more successful in producing higher quality software that more effectively meets customer needs at a faster pace."
If you can read french, here's a very good article on that subject : Synergies entre CMMI et les Méthodes Agiles
See short but detailed comparison at http://www.processgroup.com/pgpostmar09.pdf
On EuroStar 2009 conference Gittie Ottosen spoke about how they do agile at their company. What's impressive is that this company Systematic is creating software for air-crafts, military etc. They do it in compliance with CMMI 5, ISO 9001 and AQAP 150&2110. So I guess agile can be applied to systems with high regulations. Maybe try to look up that presentation, and try to get more info from him.