Software Engineering, Project Management, and Effectiveness
I like competitive studies. I'm usually more interested in the methodology than the outcome. The methodology acts as a blueprint for what's important in a particular problem space.
One of my favorite studies was the original @stake study comparing .NET 1.1 vs. IBM's WebSphere security, not just because our body of guidance made a direct and substantial difference in the outcome, but because @stake used a comprehensive set of categories and an evaluation criteria matrix that demonstrated a lot of depth.
Because the information from the original report can be difficult to find and distill, I'm summarizing it below:
Overview of Report
In June 2003, @stake, Inc., an independent security consulting firm, released the results of a Microsoft-commissioned study that found Microsoft's .NET platform to be superior to IBM's WebSphere for secure application development and deployment. @stake performed an extensive analysis comparing security in the .NET Framework 1.1, running on Windows Server 2003, to IBM WebSphere 5.0, running on both Red Hat Linux Advanced Server 2.1 and a leading commercial distribution of Unix.
Findings
Overall, @stake found that:
Approach
@stake evaluated the level of effort required for developers and system administrators to create and deploy solutions that implement security best practices, and to reduce or eliminate the most common attack surfaces.
Evaluation Criteria
Ratings for the Evaluation Criteria
Scorecard Categories
The scorecard was organized by application server, Web server and platform categories. Each category was divided into smaller categories to test the evaluation criteria (best practice compliance, implementation complexity, quality of documentation, developer competence, and time to implement).
Application Server Categories
Host and Operating System Categories
Web Server Categories
More Information
For more information on the original @stake report, see the eWeek.com article, ".Net, WebSphere Security Tested."