Relationships between concepts

Relationships between concepts in the cybersecurity vulnerability management ecosystem (CVE, CPE, CVSS, etc.)
Links: MITRE CVE, NIST CPE, NIST NVD, FIRST CVSS

Audit and compliance cost

- 1 min read
One-off evaluation
- Point-in-time evaluations are expensive and lose value quickly
- Manual effort is error-prone
Recurring evaluations
- Multiple, recurring evaluations consume all your budget

Rapid technical assessment

- 1 min read
Rapid technical assessment
This pack covers an approach I use to create consistent technical assessments and evaluations using a quality model based on ISO 25010.
Rapid technical assessment (PDF slides)
Rapid technical assessment (XLSX worksheet)

Codebase evaluation checklist

- 2 mins read
Codebase checklist
Highly opinionated checklist, but each of these items will make it faster (for me) to onboard and contribute to a codebase.
Project self-containment
- Backing services are defined in the project and under version control
- External dependencies are limited to a runtime and task runner
Test presence and separation
- Unit tests can be run without any further setup or configuration tasks
- Clear separation of unit and types of non-unit tests
Test runner is idiomatic
- Tests can be executed using project task runner
- Test results are reported in human and machine readable forms (e.

Exploring team scalability

- 1 min read
Exploring team scalability with models
An informal exploration of team scalability and performance using network communication models.
Team performance modeling (PDF slides)

git flow sample

- 1 min read
git flow sample
Source
git / ci/cd relationship