Updated Pattern Naming Convention
The pattern naming convention has been changed to **[SP-xxx: Name of area Pattern]** where SP stands for Security Pattern. For example, **SP-019: Secure Adhoc File Exchange Pattern**.
Updates, insights, and commentary from the OSA community. Tracking the evolution of security architecture since 2008.
How unique and traceable is your browser? A lot more than you realise. This research project from the EFF (http://panopticlick.eff.org/) looks at various characteristics from your browser strings, and in my case when I checked, uniquely identified me in the 1 million plus tests done so far... Interesting privacy implications given that some companies on the web are starting to use this to track users uniquely across sites...
Just read an interesting article on Ars about hacking ATMs (http://arstechnica.com/security/news/2010/07/researcher-demonstrates-atm-jackpotting-at-black-hat-conference.ars) at the recent Black Hat conference.
We are in the process of revising the patterns in the library to ensure they are consistent, and to simplify them where possible. One idea is that we should create a few additional modules to reduce the number of controls that are specified on each pattern.
Finally got around to adding the padlock item to the icon library. Not very exciting, but I thought I'd mention it :-)
For 10 years agile development has been finding more and more followers and practitioners. It seems like a sure bet that SCRUM will be the leading process skeleton for lean and agile project management. As with most new technologies, processes and frameworks also go through a hype cycle. At this moment we know a lot about the advantages of SCRUM and maybe we know too little about the pitfalls.
An OSA reference has been included in the recent O'Reilly book "Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance" by Tim Mather et al. The Cloud Computing pattern from the patterns library is reproduced in the Appendix. We are pleased to be of assistance in a small way, for a solid reference work on the topic.
I've been trying to get the PDF rendering working properly and I find that this is not as simple as I would like!
We will try and get the printing improved as a priority. We know that quite a lot of our users want to easily print the patterns, and right now they do not print very well. One option is a PDF converter, although when we tested this a while back it did not work very well. Stay tuned and we should have an answer soon!
Just a quick note to say that while progress has been slow lately due to the summer here in the Northern Hemisphere where the core team are located, we are still working according to the roadmap and you can expect to see some new patterns and other artifacts as we head into September and October.