runningmike's comments

Nice read. “Learning Software Architecture” means understanding that there is no single good answer. It is art and science.

Reading tip: Simplify IT - The art and science towards simpler IT solutions https://nocomplexity.com/documents/reports/SimplifyIT.pdf


The OWASP Board has released its new Strategic Plan to tackle software security.

I haven’t quite made up my mind about the certification programmes yet. There are already so many out there for security, and most seem to cover the same ground.


Nice! But the comparison should include MyST - https://mystmd.org/ This is the new Markdown standard to be….


Or even Typst (not an extension of Markdown, but it has very similar goals and use cases).


MyST with Sphinx is great. I miss strong LSP support though—or at least I didn’t manage to get it running in Helix. I built my blog with pydata-sphinx-theme and MyST.


I'm not familiar with it. Feel free to update the table in a PR.


Nice blog but title should end with (2024).

When starting with CP-SAT, I would recommend reading "The CP-SAT Primer: Using and Understanding Google OR-Tools’ CP-SAT Solver" - https://d-krupke.github.io/cpsat-primer/

The Google docs are not great, unfortunately.


Full title: ChatGPT, is this real? The influence of generative AI on writing style in top-tier cybersecurity papers

"we find a sharp rise in the frequency of LLM-favored marker words such as underscoring and enhancing."


Original title: Security Concerns in Generative AI Coding Assistants: Insights from Online Discussions on GitHub Copilot

"the sentiment expressed across all concern areas is generally skewed toward the negative end of the polarity scale."


Nice article. But the warning can be stronger imho. Instead of: "Don’t assume your results are the same as anyone else’s."

"The search results you get from G*gle are unique."

G*gle does not use the easy-to-use Lucene search syntax but has many 'magic' things, like:

Searching for high-quality Open Access content or solid technical answers on software challenges requires a rigorous scientific methodology, combined with creativity and extensive experience. Despite being a crucial competency, it is rarely taught in depth.

Even with the rise of LLMs, effectively navigating search results remains an unsolved problem.


To do a simple cyclomatic complexity check, operating on the principle that secure systems are simple systems, you can use https://github.com/nocomplexity/codeaudit or try the wasm version at https://nocomplexity.com/codeauditapp/dashboardapp.html

Complexity directly impacts security. Simple systems are: Maintainable: Easier to change and manage. Reliable: Less prone to logic errors. Testable: Easier to validate and test.
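As an added illustration of the check the comment describes (example code, not from the thread and not the codeaudit project's own code), here is a minimal cyclomatic-complexity counter built on Python's ast module; the sample source and the threshold of 5 are constructed for the example:

```python
"""Added example (not the thread's or codeaudit's code): cyclomatic
complexity of Python functions from the AST, as 1 + decision points
(if/elif, loops, except handlers, ternaries, extra and/or operands,
comprehensions and their if-filters). Nested defs score separately."""
import ast

_DECISIONS = (ast.If, ast.For, ast.While, ast.AsyncFor,
              ast.ExceptHandler, ast.IfExp)  # one branch each


def _decision_points(node: ast.AST) -> int:
    total = 0
    for child in ast.iter_child_nodes(node):
        if isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue  # scored on its own by complexities()
        if isinstance(child, _DECISIONS):
            total += 1
        elif isinstance(child, ast.BoolOp):
            total += len(child.values) - 1  # `a and b and c` adds 2
        elif isinstance(child, ast.comprehension):
            total += 1 + len(child.ifs)
        total += _decision_points(child)
    return total


def complexities(source: str) -> dict:
    """Map every function name in `source` to its cyclomatic complexity."""
    tree = ast.parse(source)
    return {n.name: 1 + _decision_points(n) for n in ast.walk(tree)
            if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))}


def flag_complex(source: str, threshold: int = 10) -> list:
    """Sorted names of functions scoring above `threshold` (10 is a
    common review cut-off; the default here is this example's choice)."""
    return sorted(n for n, c in complexities(source).items() if c > threshold)


# Constructed sample input: one branchy parser, one trivial helper.
SAMPLE = '''
def parse_header(raw):
    if not raw or len(raw) > 8192:
        return None
    fields = {}
    for line in raw.splitlines():
        if ":" in line and not line.startswith("#"):
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields
def trivial(x):
    return x + 1
'''
```

Running `complexities(SAMPLE)` scores parse_header at 6 and trivial at 1, so only parse_header is flagged at a threshold of 5.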


There was a study I read recently that analyzed the different complexity metrics and tested whether they relate to developers' ability to understand the code.

Most of them, especially cyclomatic, did not align very well with the ability to understand; there was only one of the standard ones (can't remember which one) that came kind of close.


If you can remember or find the reference, I'm interested!



Thanks!


Appreciate this!


100% click bait title indeed!

We are brainwashed by commercial vendors to advocate for complex, expensive cyber security solutions that are costly to implement and lack transparency.

Most (commercial) cyber security solutions are not future-proof and not maintainable in the long term. Most cyber security improvement programs end with more paperwork and more new fancy software tools, without increased security resilience.


Love the one-armed code bandit on the home page of this blog! Nice UX experience! See: https://dbushell.com/

