My professional interests are in improving software development practices for higher-risk software systems (i.e., ones which must be secure, large, and/or safety-critical). My specialties include writing secure programs, vulnerability assessment, open standards, open source software / free software (OSS/FS), Internet/web standards and technologies, and POSIX.
Unintentional and intentionally inserted vulnerabilities in software can provide adversaries with various avenues to reduce system effectiveness, render systems useless, or even use our systems against us. Unfortunately, it can be difficult to determine what types of tools and techniques…
Nearly all publicly-available open source software (OSS) is commercial software. Unfortunately, many government officials and contractors fail to understand this. This misunderstanding can result in higher costs, longer delivery times, and reduced quality for government systems. There are also legal…
This article summarizes when the U.S. federal government or its contractors may publicly release, as open source software (OSS), software developed with government funds. This article is intended for non-lawyers, to help them understand the basic rules they must follow….