As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
Is there any open-source threat modeling tool - sort of like SDL Threat Modeling from Microsoft?
The Open Web Application Security
Project (OWASP) is a 501c3
not-for-profit worldwide charitable
organization focused on improving the
security of application software. Our
mission is to make application
security visible, so that people and
organizations can make informed
decisions about true application
security risks. Everyone is free to
participate in OWASP and all of our
materials are available under a free
and open software license.
Threat modeling area, towards the bottom of the page;
Appendix: Alternative open-source Risk Management tools
OSMR
MARCO
CORAS Risk Assessment Platform
ISO 17799 Risk Assessment Toolkit
Easy Threat Risk Assessment
ARMS
Minaccia
ThreatMind
Open Source Requirements Management Tool
Here's some others
MyAppSecurity (Not open source but free) ThreatModeler
Trike Octotrike
Amenaza Securitree
Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
i am planning to make an android app for social networking with at most user base of 10000.
with almost the full-fledged feature of a social networking site
So estimating the maximum concurrent users to be 1000,please help in the following points
whether MYSql will work fine or should i use MYSql with hadoop?
whether i should go with Amazon EC2 or a shared hosting account
of GoDaddy.com is sufficient?
because I am unable to estimate the complexity and scalabiity of the project
If you are asking if you should use Hadoop, i suspect you have no idea what its for. In your case, likely not.
Shared hosting probably wont be enough. But this depends on factors that are impossible to estimate without a lot more information.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I was wondering if there is any project with high coverage requirement.
To be more precisely, I'm looking for:
Open Source Project, I need to access to the code
Any class of software, e.g., library, operating system, gui
Data on the coverage achieved. Here coverage can be meant as statement coverage, branch, MC/DC
Any language
I already have such an example. It is a free open source RTOS, RTEMS. Do you have any other examples?
Thank you in advance.
Sqlite is renown for having high test coverage: http://www.sqlite.org/testing.html sadly not all the test cases are freely available.
Another list of Java programs and their test coverage is on http://www.testabilityexplorer.org/report .
If you look at the sonar nemo instance you will find some libraries with high coverage:
http://nemo.sonarsource.org
e.g.:Commons Lang (apache commons lang): http://nemo.sonarsource.org/dashboard/index/269309?asc=false&sort=5
All projects there should be open source (look for the sources link).
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm developing an application and am thinking about releasing it open source.
Is it good choice to open source it, even though it's not a developer API library, but an end user app?
When is it a good time to release the source code? Should I start the project open source from the very beginning or wait until it's v1.0?
If the source code is GPL, how do you prevent someone from grabbing it and illegally releasing a proprietary closed source application? In practice, how can this violation of copyright law be spotted and is the law enforceable?
This is all inherently subjective, of course...
Yes. There are many open source end user applications. Firefox, GIMP, Inkscape, Open Office, and many many (other) GNOME and KDE apps, for example.
You definitely don't need to wait until v1.0, though it might be good to wait until you've got some early proof of concept code to "announce" the project. If you announce an empty code repository you'r unlikely to get contributors, and it may be hard to drum up enthusiasm later.
Spotting a GPL violation of an app is probably easier than spotting a GPL violation of a library, on average.
If the code is GPL and you have evidence (or strong suspicions) that the GPL was violated you could try contacting gpl-violations.org or the FSF.
Here are my opinions:
1 - Yes. It can be a portfolio, an example app for others, anything... IMHO, it doesn't matter if it's not a dev-focused project.
2 - Since the beginning. One great thing about these open-sources repositories is that it holds the source code. And there, you can but some ideas about the direction of the project, maybe even discuss it with other users / developers.
3 - Thats tough. I guess you can't, but I'm not sure.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
How much better would commercial OCR software be compared to the stuff that's available online for free?
More specifically: Reading text in pictures (things like book covers etc...)
I work with OCR quite a lot and can definitely vouch that the commercial offerings are much better than what you can find out there for free. Yes, you can make a free one 'work', but it will take a lot of effort for sub-optimal results.
I recommend finding a product that uses the ABBYY FineReader : It does a great job with little configuration.
You may want to consider whether you need to use an SDK provided by the OCR supplier or an end-user application. The SDK will provide position details, etc of what it finds and offer a lot more in-depth control, but will be more expensive. The end-user package will basically just read everything it finds, but you may be able to set it to automatic or control it rudimentally and it might be good enough for what you're trying to do, and may be a lot cheaper.
Get a trial version and give it a go!
Google's ocropus is free opensource and one of the best
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
As an amateur mobile developer, I feel dismay every time I have to fix, update or add new features to an application of mine.
I'm eagerly awaiting the moment you can just develop a web application for any kind of device.
HTML5 and new APIs like Geolocation API or Contacts API are a step forward, but what other APIs could be useful to move current mobile developers to the web? For example, some kind of Sensor API to access mobile accelerometers or magnetometers.
I am aware that future Flash and AIR mobile releases are coming, but I'd rather prefer web standards.
There’s an idea to add a general devices API to HTML5.
http://www.w3.org/TR/dap-api-reqs/
To be honest, I don’t think you can do this sort of thing generically (or at least it’s an impractical challenge). I think it’s down to the folks who make mobile operating systems — i.e. Apple, Google, and the rest — decide whether and how to provide JavaScript access to hardware.
It’s potentially a massive security risk. Go to a hijacked website, and suddenly Russian criminals are copying every photo you take? There’s a “powerful mobile web application” for you.