Vulnerability management ecosystem

- 1 min read
Relationships between concepts Relationships between concepts in the cybersecurity vulnerability management ecosystem (CVE, CPE, CVSS, etc) Links MITRE CVE NIST CPE NIST NVD FIRST CVSS

Audit and compliance cost

- 1 min read
One-off evaluation Point in time evaluations are expensive and lose value quickly Manual effort is error-prone Recurring evaluations Multiple, recurring evaluations consume all your budget

Rapid technical assessment

- 1 min read
Rapid technical assessment This pack covers an approach I use to creating consistent technical assessment and evaluations using a quality model based on ISO 25010. Rapid technical asssessment (PDF slides) Rapid technical asssessment (XLSX worksheet)

Codebase evaluation checklist

- 2 mins read
Codebase checklist Highly opinionated checklist, but each of these items will make it faster (for me) to onboard and contribute to a codebase. Project self-containment Backing services are defined in the project and under version control External dependencies are limited to a runtime and task runner Test presence and separation Unit tests can be run without any further setup or configuration tasks Clear separation of unit and types of non-unit tests Test runner is idiomatic Tests can be executed using project task runner Test results are reported in human and machine readable forms (e.
Read Moreā€¦

Exploring team scalability

- 1 min read
Exploring team scalability with models An informal exploration of team scalability and performance using network communication models. Team performance modeling (PDF slides)

git flow sample

- 1 min read
git flow sample Source git / ci/cd relationship