Article by Chad Holmes
Having spent the last 10 years or so working with technology on a day-to-day basis, I thought I’d seen a good deal of “Woah, that is cool” moments. These moments range from just discovering modern day technology (the fact that companies made billions on database software blew my much younger mind for about a week) to more niche discoveries (my first identified SQL Injection vulnerability was a doozie, and I didn’t even know it had a name until two years later!)
Now these moments are expected as technology improves, markets mature and breakthroughs are made, but rarely do folks get to encounter the collision of two complementary technologies like we’re seeing with Cloud Computing and Big Data. “The Cloud” has been kicking around for some time and is still somewhat ill-defined, but can loosely be seen as remote computing and data storage services ranging from eReader stores to paying for on-demand processing and storage services. “Big Data” on the other hand is just starting to get recognition, most notably with Nate Silver’s uncanny, data driven prediction of the most recent United States elections.
Seeing these services collide from afar is interesting to watch…but it’s even more awe inspiring in everyday life. As an example, no more than a week ago an innocent question from a college friend around Java 7 adoption rates started a chain reaction of big data, cloud services and human feedback that would not have been possible even a few years ago. In short, the chain went something like this:
- A private twitter conversation lead to a question about Java 7 adoption in the open source community
- The request was relayed to Veracode engineers as an informal inquiry
- Veracode engineers polled a massive amount of security analysis data collected via our cloud based static binary analysis server and crunched numbers across 100+ global customers that had performed a Java scan in the last month (more on the results below)
- An innocent tweet from a comfortable Starbucks chair about how quickly such requests can be processed lead to feedback from friends, colleagues, co-workers and several others asking for more specific details and helping shape the request
- The data was rerun, re-analyzed and cross referenced against other posts
- Results were shot to a marketing department for cleansing
- A blog post extolling the virtues of cloud computing and big data was posted to our site
In short – a combination of cloud messaging and analysis services lead to a quick, effective, ad-hoc international cooperative that quickly answered a simple question.
So what’s the point? Easy – technology is really, really cool, but not only that. Technology, if used correctly and done in a collaborative manner can be incredibly powerful. It can help answer questions that otherwise would go unanswered. It has helped solve medical issues, predict an election with a high degree of accuracy, and in Veracode’s case, enable developers worldwide to identify software flaws while also helping improve the very engine that they’re submitting to.
At the end of the day, the collision of these two technologies can and will be used for the greater good. We at Veracode see it in the form of our State of Software Security reports, infographics and a variety of other analysis we provide for free to the greater community. On a broader scale it can hopefully help make the world a healthier, happier place.
Side note: The Java7 Scan Answer
The short answer is that we don’t see widespread use of Java7 in our customer base. To be fair, our full Java7 support has been out for less than a couple of months, but in that timeframe less than 0.3% of all Java applications submitted are in Java7. Of those submissions all were from commercial organizations well known for their quick adoption of technology, and even those were a small subset of their individual submissions. While our data doesn’t show much in the way of Java7 adoption there are other sample sets (also admittedly small) that see the exact opposite, such as the Jelastic blog post that is well summarized by Henrik Stahl at https://blogs.oracle.com/henrik/entry/java_7_adoption_at_79.
Cross-posted from Veracode