Application Security Testing: An Integral Part of DevOps
This Week's Topics
- Comments from the Editor
- Recently Published Books
- New & Updated Articles on CodeGuru
- Video: Shelving Source in TFS
- The Amazing GroupBox, Part 2
- A TR1 Tutorial: Smart Pointers
- Op-Ed: Fish or Cut Bait
- [Updated] Customize an IE Context Menu to Add CodeGuru Favorites
- Hottest Discussions
- New Articles on Developer.com
- Geocoding with the Rails GeoKit Plugin
- A Grid for Every Application
- Introducing a Lightweight UI Toolkit: Bringing Desktop Development into Java ME
Comments from the Editor
Is it dangerous to not upgrade a CMS or other software to the latest version? Is it fair to call someone stupid for not having their software on the latest, greatest version?
Obviously, new versions of software are often meant to be more secure or to offer more features that people want. If they didn't, nobody would upgrade. After all, who wants to upgrade to a less secure product? In fact, even when a product is more secure, there often still have to be compelling features to get people to upgrade. Windows Vista is a prime example of a more secure piece of software that simply hasn't compelled the masses to upgrade. Similarly, just throwing in new features won't necessarily get people to upgrade either; Microsoft Office 2007 revamped a lot of bells and whistles in the product, including the ribbon bar, yet people also didn't jump on it.
So, are people who are not upgrading to these newest versions simply stupid? Is that what the member in the VBForums forum implied?
In truth, experience has taught CIOs and other IT managers that upgrading to the latest and greatest can be costly. It also can be risky. It takes time and money to upgrade. It not only takes time from the IT staff to install and support the new software, but it also takes time for users to become familiar with the changes that might have occurred. Microsoft Office 2007 is a prime example of a product that initially slows down most people who migrate to it. The changes in the ribbon are different from previous versions.
Upgrading immediately also can be risky. If you updated to Windows Vista on the day it was released, there is a good chance that not all of the drivers were available for your hardware. I personally had driver issues that caused me to uninstall it on my Vista-ready machine. Although most companies test to verify their software won't cause issues, testing is not a perfect science; thus, problems get through. Often, these problems show themselves quickly and a company can resolve them. I have since re-installed Windows Vista on that same machine and it is running smoother than Windows XP did.
A similar example to the risk of immediately upgrading can be seen in programs such as Ashton-Tate's Dbase IV. If you have never heard of Ashton-Tate or if you don't know what Dbase IV is, you can see the risks that can happen with new versions of software. Dbase III was an industry-leading product from Ashton-Tate in the late 1980s. In the early 1990s, an upgrade was released. Those who immediately jumped on the update found that it was full of problems. The problems eventually led to most people dropping Dbase for a competitive product called Paradox from Borland. If you haven't heard of Paradox, well then, we will simply state that some lessons are hard to learn.
If you work in a large corporation, there is a good chance that the software you are using is not leading edge. Is that bad? In my opinion, it isn't bad if you want to reduce risk. In most cases, it is better to be safe.
Is Jupitermedia dumb for not immediately upgrading to the newest point releases of its forum software? In my opinion, the answer is no. On the flip side, there are values to be had from upgrading sooner rather than later as well. Of course, that is a discussion for another newsletter!
Until next week...
Bradley L. Jones
Recently Published Books
For those of you keeping up by reading books, the following are just a few of the new books that have been recently released. If you've read any of these, feel free to write a review to be posted on CodeGuru. See the submission guidelines.
.NET Framework 3.5 - Windows Presentation Foundation Training
By Matthew A. Stoecker for Microsoft Press
540 pages for $69.99 w/ CD (Hardbound)
For MCTS Exam 70-502
Command-Line Administrator's Pocket Consultant
By William R. Stanek for Microsoft Press
580 pages for $34.99
Server 2008 Administrator's Companion
By Charlie Russel and Sharon Crawford for Microsoft Press
1280 pages for $59.99 w/ CD (Hardbound)
New & Updated Articles on CodeGuru
Following are short descriptions of new articles on CodeGuru. If you are interested in submitting your own article for inclusion on the site, then you will find guidelines here.
Shelving Source in TFS
By Paul Hacker
Discover how to take advantage of version control features in Team Foundation Server without fully checking in software.
The Amazing GroupBox, Part 2
By Hannes du Preez
Gain the ability to contain controls and add a little preview for your control in design time.
By Ali Rafiee
Learn to create a ColorComboBox color picker that uses ToolStripDropDown.
A TR1 Tutorial: Smart Pointers
By Marius Bancila
Learn about the new smart pointers available in the standard library, shared_ptr and weak_ptr.
Fish or Cut Bait
By Paul Kimmel
If a person or group does something successfully one time, ten times, or a hundred times, there is an increasingly better chance that group will succeed again. All of the books in the world won't turn a ten-year-old kid into Gordie Howe or Wayne Gretzky. There is an element of talent. Find the talent.
Customize an IE Context Menu to Add CodeGuru Favorites
Learn how to customize the Internet Explorer context menu to add CodeGuru Favorites items.
Discussion Groups
Check out the CodeGuru discussion forums
Forums include Visual C++, General C++, Visual Basic, Java, General Technology, C#, ASP.NET, XML, Help Wanted, and much, much, more!
... HOT THREADS ...
New Articles on Developer.com
Geocoding with the Rails GeoKit Plugin
By W. Jason Gilmore
Learn how to geocode addresses using the GeoKit plugin, as well as calculate distances between points and identify all points within a specified radius!
A Grid for Every Application
By Art Sedighi
What attributes of an application make it a good candidate for the Grid? What should you look for in a Grid vendor to make your life easier as you move your applications onto the Grid?
Introducing a Lightweight UI Toolkit: Bringing Desktop Development into Java ME
By Ibon Urrutia
Are you a JavaME developer bored of Forms and Lists? Do you want to create mobile apps with user interfaces of the 21st Century? Try to do it with the LWUIT library.