Michiel Kalkman

Notes on software, security, product, design

  • Vulnerability management ecosystem

    Relationships between concepts in the cybersecurity vulnerability management ecosystem (CVE, CPE, CVSS, etc.). Links: MITRE CVE, NIST CPE, NIST NVD, FIRST CVSS

  • OSCAL model relationships

    Model relationships. Links: NIST OSCAL

  • Audit and compliance cost

    One-off evaluation: point-in-time evaluations are expensive and lose value quickly; manual effort is error-prone. Recurring evaluations: multiple, recurring evaluations consume all your budget.

  • Rapid technical assessment

    This pack covers an approach I use to create consistent technical assessments and evaluations using a quality model based on ISO 25010. Rapid technical assessment (PDF slides); Rapid technical assessment (XLSX worksheet)

  • Codebase evaluation checklist

    Highly opinionated checklist, but each of these items will make it faster (for me) to onboard and contribute to a codebase. Project self-containment: backing services are defined in the project and under version control; external dependencies are limited to a runtime and task runner. Test presence and separation: unit tests can be run without any further setup or configuration tasks; clear separation of unit and types of non-unit tests. Test runner is idiomatic: tests can be executed using the project task runner; test results are reported in human and machine readable forms (e.

  • Exploring team scalability

    An informal exploration of team scalability and performance using network communication models. Team performance modeling (PDF slides)

  • Leadership aspects

    Leadership aspects Source

  • Binary reversing approaches

    Based on https://justintaft.com/blog/2021/11/07/binary-reversing-methodologies (Source)

  • git flow sample

    git flow sample (Source); git / CI/CD relationship

  • Architecture concerns

    Relationships; Components (sample) (Source); Components (sample - PlantUML) (Source)