Can Fortify scan results be saved into a file? - fortify

Can I save Fortify scan results into a file, so I can send them to someone to analyze?

You can run a report using Audit Workbench or Software Security Center. PDF reports typically don't contain enough detail to see all of the information regarding a vulnerability, but if the other person doesn't have Fortify it's better than nothing.
You can also try posting Fortify issues to their online forum at https://protect724.hp.com. The support group monitors those forums.

Related

YouTube Requirements Artifacts

I am a Software Engineering student at Universidade de Brasília. I'm developing a project for the subject Software Requirements about the YouTube application. We chose this application to document all related artifacts, functional and non-functional requirements.
We would like to know if the YouTube team could review our progress to collect all the requirements artifacts and give us some tips on how you guys collected the requirements for designing the application.
Here you can access our Wiki with all the content collected, or by accessing the link below:
https://requisitos-de-software.github.io/2022.1-Youtube/
Thank you so much for the attention.
Only the YouTube team can answer a question this specific. I don't think you'll have great odds of success either way, but you'd be better off contacting YouTube than posting on Stack Overflow.

How to find the eVar Names in Adobe Workspace or Analytics

I am wondering how to find the eVar names that are already implemented in Adobe Analytics.
Please let me know how to find all implemented eVars in bulk; that will help me better understand user flows and build the charts efficiently.
There are a few ways to get bulk settings info. The most comprehensive is the Adobe Health Dashboard: https://express.adobe.com/page/tnNQGNlfzta3b/. This not only tells you what each variable is named and what its settings are, but also shows you what type of data it is receiving. The downside is it requires adobe.io authorization, which can be a pain to get set up. It also only runs on PCs (because of its Excel macros). I believe it also really only shows one report suite at a time.
You can also use tools like https://reportsuites.com/ to just get an export of variables and their settings. It's particularly useful if you want to compare across report suites. The main downside there is that Adobe has made it hard to find the web services API credentials you need in order to run it.

How do CVE-2015-5207 and CVE-2015-5208 work, and how could they be triggered?

Just like what the title says.
I couldn't find a single detailed explanation of these vulnerabilities.
Any comments are appreciated.
See link for more info:
https://cordova.apache.org/announcements/2016/04/27/security.html
The NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. This is the official resource to see more information about announced vulnerabilities:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5207
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5208
You could investigate this further by analyzing the Cordova iOS source on GitHub and history of commits:
https://github.com/apache/cordova-ios
The CVE sometimes is not incredibly descriptive on how the bug actually works because they're trying to thwart less-skilled hackers from easily writing exploits for the bug immediately after it's released. Oftentimes you will have to investigate the source code to see what changes were made yourself to recreate the problem.

Sonar Wall Display?

My employer has installed two large LCD panels to display build health and statistics.
I'd like to display Sonar graphs which update intra-day. What's the best way of going about this? I've had a look through the available plugins and haven't found a "wall display" facility yet.
No such plugin currently exists, and actually I'm not sure that this could be achieved with a plugin - as plugins can only contribute to the current Sonar UI.
Maybe you could send a mail to our mailing list (user#sonar.codehaus.org) to tell us of your interest in such a feature for a future release of Sonar? Basically, this would be something like the possibility to ask the UI to show a Sonar dashboard outside of the standard layout and with a specific refresh rate.
FYI, we have planned work on the UI for the next version of Sonar - 3.3, so this could be the opportunity to see if your need can be addressed within this sprint.

Google event tracking used by a Delphi desktop application

I've come up with a crazy idea to use Google event tracking in a Delphi desktop application. I want to track users' behaviour workflow to make the application better. But it's in JavaScript.
Is it possible somehow to do it directly from the application? Or do I need, for example, to make a webpage which communicates with the Google event tracking API, and the application sends REST queries to that webpage?
Or maybe I can do it without JavaScript at all and directly from the application?
You should be very careful with this, and warn your users.
Though software running locally is a different thing than software running from a web-site in a browser, the interconnectedness of software is increasing. So is the general feeling in the public on what is right and not to communicate.
For instance, a lot of software 'phones home' to check for the latest version without even asking their users for permission. I can understand that some users have a problem with that, but it indicates the general opinion on this is shifting. The vendors can track usage statistics based on that 'phone home' alone.
I'm not sure if the Google Event Tracking would be the best way to solve usage tracking from a desktop application, but the general idea (collecting usage statistics and error information) can work out very well.
Big vendors have been getting usage statistics from their software for years, and they ask their users up-front if sending statistics is OK, and at the time of an error, each time ask them if that is OK too.
In fact the book "Why Software Sucks ... and What Can You Do About It" and presentations from David Platt explain really well how to do this and how to communicate this to your users.
You need to do this in a very anonymous way, and you can because basically you are interested in these things:
what is the largest percentage of errors
what is the largest percentage of features used
what is the smallest percentage of features not used
As long as you communicate percentages, it is clear to explain to your users that the data will be very non-specific.
On the other hand: being able to focus on the actual errors can improve your software a lot.
The errors communicated back to you can contain much detail, so you need to either strip that detail out, or be very upfront with your users indicating which details are being sent to you when communicating individual errors.
--jeroen
I developed my own solution (I called it 'softmeter') to do exactly this. It is a dll that will do all the REST queries to Google Analytics.
There is sample Delphi code that wraps the DLL in a Delphi class so sending an event is as simple as
dllSoftMeter.sendEvent('Conversion events', 'Donate clicked', 1);
If you do not mind using 3rd party libraries, you can use it.
In fact I found that most software using it is Delphi-made software.
Here is a more extended sample of the Delphi code for the implementation.
https://www.starmessagesoftware.com/blog/track-delphi-pascal-gui-application-google-analytics
You will need of course to get consent from the end-user.
