Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 6 years ago.
Improve this question
in software engineering should a contract draft be reviewed by software developers? or it should be left to legal department and to management?
The contract is usually of little consequence to the software developers. In my experience it's unusual for a contract to be reviewed by software developers, but is often reviewed by (or at least made visible to) managers of one type or another within the engineering department. The main points of interest for them would be the deliverables, the dates, any penalties and the maintenance/support offered.
The software specification (which can often be an appendix to a contract) should most certainly be seen by developers, but actual review (sign off and/or providing feedback prior to the contract being signed) is often limited to architects, product managers, project managers, technical leads and similar more senior roles.
This will of course vary a lot from company to company and depending what sort of area the software is in, whether it is bespoke software or another roll out of an off-the-shelf product, etc.
probably a good idea to do a sanity check of any deliverables and scoping or any hard to achieve requirements. - hopefully these could be seperated from the contract itself for a review.
Depends on the situation and your organization, but it can be helpful to have the engineers or engineering managers who are familiar with the code review and make sure you aren't misrepresenting ownership or rights if you are using third party and/or open-source libraries and code.
That really depends on how the contract is written. If the details of what needs to be delivered are integrated into the contract, that should be reviewed by software developers. Often times this is just an exhibit attached to the contract. In that case, you would just want to review that exhibit. The software team should not be worried about the penalty clauses, indemnity clauses, etc. which make up the bulk of the contract, but should be about delivery dates and specifications.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
I'm not sure if this is even an appropriate question for SO but I'll go ahead anyway as I'm not sure.
I've been looking at Pen Testing tools for my current project and have found a number of them but ultimately there is no getting away from taking this seriously and looking to a professional organisation or individual that specialises in performing this kind of work.
The reason for looking for tools is simply to enable me to pick off the low hanging fruit before initiating a full pen testing cycle. This should also hopefully make that process cheaper as I will hopefully have addressed all the obvious vulnerabilities.
Tools & Resources
BurpSuite
IBM AppScan
nmap.org
Nikto
Organisation & Individuals
I'm wondering if there are any resources out there that rate and review organisations performing these tasks? Are there any organisation that you could recommend that you have used previously with good results?
#Jammer, I am not sure if there exists such a rating that you are looking for. My personal view would be ,make a study of your requirements-whether you are looking for a certification or a compliance or just trying to increase security. Based on these criteria,you can look at the pentesting organisations and evaluate them on your own. This link may help,
http://www.ivizsecurity.com/blog/penetration-testing/how-to-choose-penetration-testing-companies/
Anyways there is always a trade off between choosing third party vendors or owning a own security team. You can go for third party consultation then have a own in-house Security Educated QA Team.
Hope this helps.
I am afraid some of the tools you listed are note comparable.
Burp is a proxy-scanner tool. You can intercept the traffic with burp and manipulate the request before sending to the server. Pro version has scanner for specific request you send the scanner
Nikto and Appscan are automated scanner. At the end, you need to eliminate false positives and also might have false negative results.
nmap is powerfull tool for networking stuff such as port scanning, ftp, snmp etc related searches by using scripting engine.
Additionally, using automated tools will not reduce your penetration testing costs. Because in any case you should take penetration test service before make your app public.
Reducing security costs is not a good idea, instead better to hire developers have secure coding background or apply secure development lifecycle to your development environment.
If you any other question please shoot it.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I'm looking to set up a small site for a friend that has some widgets they want to sell online. I don't think I will have much time for maintenance once it goes live (for that matter, I don't expect I'll have much time for initial setup and configuration), and I am looking for something that is dead-simple for a non-technical user to maintain (financial/payment info, add/remove/change products).
The second most important part would be good integration with a payment provider. I'm not too fussy what language it's in if it meets my other criteria (if I don't know the language I will learn enough to get the site running).
Also important is that I'd prefer to stick to open-source products, mostly because I don't think this project will have much of a budget for high-end commercial products (at least not until it makes some sales).
The last time I did this sort of stuff we were building custom sites from scratch for clients with very specific needs. I do not have recent experience with the current generation of blogging tools (Wordpress, Joomla, etc...) and I don't really know which off-the-shelf combo of platforms and plugins are best to get something up and running in as little time as possible.
Hosting your own online store is a full-time occupation, no different from running your own brick-and-mortar store. Anything that accepts online payments will be targeted by criminals for online fraud.
If your business is selling widgets and not running online stores, I strongly, strongly suggest using a hosted service with its own web integration and payment handling. I know people who have used both Weebly and Etsy and who are happy with them.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
Does anybody know what large companies are currently using agile iconix process??
The only ones I know are the one I could find on the ICONIX Software Engineering corporate website:
Case studies: see how ESRI Professional Services, Virginia Department of Motor Vehicles, and Large Synoptic Survey Telescope are succeeding with ICONIX Process
I may be wrong but to me, the ICONIX methodology isn't really widely used and it
looks more like a way to sell their Enterprise Architect product.
And personally, I never had big successes with too much UML centric approaches (à la MDA).
I like the process and used it well in several projects. I just want to give some of my thoughts on it:
Iconix is based on domain driven design. Domain comes first. This is fine, however we need to be aware of a boundary conditions. To put is simply, domain driven design works for the relatively complex projects. There may not be a domain model as design pattern at all since it may not be the best choice for every system.
Iconix assumes sophisticated deisgn. Not every project needs it and not every project has developers capable of absorbing it. There are tons of data-centric or purely data manipulation applications out there.
No community, stale web site. I don't know of anybody who uses the process.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
We have a huge debate in our organisation to use AGILE in ERP projects. Can anyone give an example of a successful implementation as such?
Here are some papers and websites that you might be interested in:
Agile Project Management Methods for ERP: How to Apply Agile Processes to Complex COTS Projects and Live to Tell About It
Agile ERP: "You don't know what you've got 'till it's gone!" (Requires IEEE Xplore Subscription or article purchase to view)
Agile Project Management Methods for ERP
Agile ERP
I'm not that familiar with building ERP software, but from what it seems, they appear to have a few things in common. ERP software is large in terms of features and scope and development often takes a long time. I believe that Agile principles might be of value here, even if you aren't using full-blown agile methodologies.
The central tenets of Agile are rapid delivery of working software, accepting late-changing requirements, and close cooperation between the business and users and developers. A highly iterative approach to building an ERP system and close collaboration between the users and the developers to continually add the features that add the most value seem like it will yield the most bang for your buck.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've come across the phrase 'sustaining software engineering' but don't know exactly what it means. There seems to be some DoD connection? Is it related to Agile Development?
Many in the software world define sustaining engineering as the bug fix team. While this is a part of the duties involved the sustaining engineering group should also be looking at the overall defect trends to help identify areas needing re-factoring. The focus of the group should be to not just fix bugs as they come in but to be the conduit back into engineering to ELIMINATE needless calls from customers. That might involve "works as designed" issues as well as product areas the customers just have a hard time understanding.
I believe "sustaining" is another word for "maintenance": it's what happens after software is released, i.e. support, bug fixing, enhancements ...
Sustainable Software Engineering: Consideration of the social and environmental effects of software projects in managing the project. Managing a software project in order to maximize the positive and minimize the negative social and environmental effects of the project.
Alternative (Sustaining): Consideration of the long-term support requirements during the design and development of a software project. The process of conducting the long-term support required when development is complete.
It's just a fancy way of saying "Software Maintenance Team".
Sustaining Software Engineering, at least in the cases where I've come across it, is the department responsible for implementing hot-fixes for released products, and handling customer service issues that the tech-support guys can't resolve on their own.