Posts

SBOMs for Scientific Software: C++

This is the second of a series of posts exploring the feasibility of generating Software Bills of Materials (SBOMs) for complex scientific software. SBOMs provide a list of the components, libraries, and modules that are required to build a piece of software. The United States 2021 Executive Order on Cybersecurity highlights the role of SBOMs to support risk assessments for newly discovered vulnerabilities. Further, the U.S. National Institute of Standards and Technology (NIST) released its Secure Software Development Framework, which requires SBOM information to be available for software. My previous post explored the generation of SBOMs for both simple and complex Python software packages. A variety of tools have recently been developed that can create SBOMs for Python software, which are relatively easy to install and apply. Standard Python installation tools like pip and poetry capture much of the information needed to formulate SBOMs, so developers may not need to spend muc
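To make the last point concrete, here is an added example (not code from the post or from any SBOM tool it mentions) showing how much of a CycloneDX-style SBOM can be assembled from data pip already records: exact pins in a requirements file, or the installed distributions visible through `importlib.metadata`. The requirements text, the package names and the `hypothetical-sim` root component are constructed for the demo; the document shape follows the CycloneDX fields `bomFormat`, `specVersion`, `metadata` and `components`, with `pkg:pypi/...` package URLs. Unpinned requirements are reported separately, because a component whose version cannot be named is a gap in the SBOM rather than an entry in it.

```python
import json
import re
from importlib import metadata

# Constructed sample requirements file for the demo; not taken from any real project.
SAMPLE_REQUIREMENTS = """\
# pinned dependencies of a hypothetical simulation package
numpy==1.26.4
PyYAML==6.0.1   # parser for the input decks
scipy>=1.10     # NOT pinned: an SBOM cannot name an exact version here
-e .
"""

_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;]+)")


def normalize_name(name):
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.' into one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def pypi_purl(name, version):
    """Package URL for a PyPI distribution, the identifier CycloneDX components carry."""
    return "pkg:pypi/%s@%s" % (normalize_name(name), version)


def parse_pinned_requirements(text):
    """Split a requirements file into exact pins and everything that is not one.

    Returns (pinned, unpinned): pinned is a list of (name, version); unpinned holds the
    lines that cannot be turned into a component with a definite version.
    """
    pinned, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # blank, comment-only, or a pip option
            continue
        m = _PIN_RE.match(line)
        if m:
            pinned.append((m.group(1), m.group(2)))
        else:
            unpinned.append(line)
    return pinned, unpinned


def installed_components():
    """What pip already records: the name and version of every installed distribution."""
    seen = {}
    for dist in metadata.distributions():
        name, version = dist.metadata.get("Name"), dist.version
        if name and version:
            seen.setdefault(normalize_name(name), (name, version))
    return sorted(seen.values(), key=lambda nv: normalize_name(nv[0]))


def build_sbom(components, root_name, root_version):
    """Minimal CycloneDX-shaped document (bomFormat/specVersion/metadata/components).

    Real generators add licenses, hashes and the dependency graph; this only shows how
    far pinned names and versions get you.
    """
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "metadata": {"component": {"type": "application",
                                   "name": root_name, "version": root_version}},
        "components": [
            {"type": "library", "name": name, "version": version,
             "purl": pypi_purl(name, version)}
            for name, version in components
        ],
    }


if __name__ == "__main__":
    pinned, unpinned = parse_pinned_requirements(SAMPLE_REQUIREMENTS)
    print(json.dumps(build_sbom(pinned, "hypothetical-sim", "0.1.0"), indent=2))
    for line in unpinned:
        print("cannot pin a component version for:", line)
    # The same document can be built from the live environment instead:
    # build_sbom(installed_components(), "hypothetical-sim", "0.1.0")
```

Running it prints a two-component SBOM for the pinned entries and flags `scipy>=1.10` as something the file does not fix to a version. Swapping `installed_components()` in for the parsed pins gives the environment's actual resolved versions, which is usually what a vulnerability scan should be matched against.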

SBOMs for Scientific Software: Python

This is the first of a series of posts exploring the feasibility of generating Software Bills of Materials (SBOMs) for complex scientific software. SBOMs provide a list of the components, libraries, and modules that are required to build a piece of software. The United States 2021 Executive Order on Cybersecurity highlights the role of SBOMs to support risk assessments for newly discovered vulnerabilities. Further, the U.S. National Institute of Standards and Technology (NIST) released its Secure Software Development Framework, which requires SBOM information to be available for software. Both open source and commercial software are impacted by these policies. Consequently, developers of scientific software should expect that the use of their software may be restricted in some contexts unless accurate SBOMs can be generated. The past few years have seen an industry-wide effort to embrace SBOMs and other software security practices highlighted by the U.S. government (more here).

Science Fiction Comes to Life

One of my favorite authors is Vernor Vinge, who explores how the evolution of technology impacts future societies. Vernor is a former professor of computer science, so it is perhaps no surprise that his tech focus appeals to me. The novel The Peace War imagines a post-apocalyptic society that is recovering from a world war that was prompted, in part, by a new force field generating device (called the Bobbler). There are all kinds of futuristic technologies described in this book, which is typical for Vinge's fiction. In one scene, the protagonist is about to be ambushed by a group of bad guys. He hands a gun to his teenage companion, who takes out the bad guys while barely aiming the gun. The trick is that the gun has computer-guided bullets, which the protagonist directed using his laptop. This sounded like standard sci-fi tech fantasy until I heard about the self-guided bullet that has been developed by Sandia National Laboratories. Mashable has a fun video descri

Testing Open Source Software

Software testing is widely recognized as a best practice for software development. Software tests define expected functionality, and they can focus developer efforts by providing an objective assessment of the state of a software project. Additionally, software testing data can provide evidence that a software package can be reliably used. For example, when evaluating whether to try out open source software, I routinely look for software testing data to confirm which platforms the software will run on, the versions of associated software that are used, and test coverage statistics that indicate how much of the code is tested. Unfortunately, most open source software projects do not publish software test data. I suspect that this indicates that a small fraction of OSS projects have robust test suites. However, this also reflects another aspect of the OSS community: hosting facilities for open source software do not support web-based testing facilities, like Jenkins, that can

A Different Model for Writing Blog Posts

This is a blog that I have been meaning to write for some time. I occasionally take a look at the download statistics for this blog, and recently I was prompted to do this by other bloggers who were reporting their end-of-year statistics (e.g. see Laura McLay's review of the Punk Rock OR blog). Unlike Laura, I do not have impressive download statistics to report about the many blogs I have written in 2011; frankly, I did not create many posts. However, an interesting pattern has emerged regarding this blog's readership: there are a few key blog posts that are frequently downloaded. For example, my most frequently downloaded blog post is a survey of Python plugin software, which I wrote in 2009. I suspect that other bloggers have seen the same thing; they have a few posts that are very popular because people do web searches on that topic. However, it is worth stepping back and thinking about the implications of this when writing a blog. When I first started b

The Pyomo Book is Coming Soon

The Python Optimization Modeling Objects (Pyomo) package is an open source tool for modeling optimization applications in Python. Pyomo can be used to define symbolic problems, create concrete problem instances, and solve these instances with standard solvers. Pyomo provides a capability that is commonly associated with algebraic modeling languages such as AMPL, AIMMS, and GAMS, but Pyomo's modeling objects are embedded within a full-featured high-level programming language with a rich set of supporting libraries. Pyomo leverages the capabilities of the Coopr software library, which integrates Python packages for defining optimizers, modeling optimization applications, and managing computational experiments. Of course, there is very little online documentation describing Pyomo. However, the first book on Pyomo is set to be published in February! Pyomo - Optimization Modeling in Python. William E. Hart, Carl Laird, Jean-Paul Watson and David L. Woodruff. Springer, 2012. Her

A Pythonic C++ Parser

If you google for "python C++ parser", you will find a variety of internet discussions related to parsing C++ in Python. C++ cannot be fully parsed by an LALR parser (its grammar is ambiguous without semantic information, such as knowing whether a name denotes a type), and it is well known that parsing C++ is a nontrivial task. Thus, these discussions generally fall into one of several categories:

It is too hard to parse C++ in Python, so use a package like GCC_XML that does this for you. If you really need to do something in Python, write a wrapper to GCC_XML.

It is too hard to perform a complete parse of C++ in Python, but we can use a LALR parser to collect gross structural information from C++ files. The CppHeaderParser is an example of this type of package, which uses the ply parser generator to collect information about classes in header files.

In the recent release of CxxTest, I included a LALR C++ parser that is similar to CppHeaderParser. CxxTest is a unit testing framework for C++ that is similar in spirit to JUnit, CppUnit, and xUnit. CxxTest is easy to use becaus
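The "gross structural information" approach is easy to underestimate, so here is an added example in plain Python (not CxxTest's or CppHeaderParser's parser, and not using ply) that does what a test framework needs from a header: tokenize, track brace nesting, and record each class, its base classes and its method names with their access level, while ignoring everything inside function bodies. The sample header, the `demo` namespace and the `MyTestSuite` class are constructed for the demo; `CxxTest::TestSuite` is the real CxxTest base class name. The point of the structure is what it deliberately does not attempt: no expression parsing, no templates beyond skipping angle brackets, no operator overloads, no macro expansion. That is why a few hundred lines can extract test methods from real headers, and also why such a parser must never be trusted to find every declaration in arbitrary C++.

```python
import re
from dataclasses import dataclass, field

# Tokenizer: comments, preprocessor lines and whitespace are dropped; everything else
# becomes a (kind, text) pair. Enough for declarations, nowhere near all of C++.
_TOKEN_RE = re.compile(r"""
    (?P<skip>//[^\n]*|/\*.*?\*/|[ \t]*\#[^\n]*|\s+)
  | (?P<string>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])+')
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<punct>::|[{}();:<>,*&=~\[\]])
  | (?P<other>.)
""", re.S | re.X)

_ACCESS = {"public", "private", "protected"}
# Identifiers that can precede '(' in a class body without naming a method.
_NOT_A_METHOD = _ACCESS | {"virtual", "static", "inline", "explicit", "const", "friend",
                           "typedef", "using", "operator", "sizeof", "return", "if",
                           "for", "while", "switch"}

# Constructed sample header for the demo (not from any real project).
SAMPLE_HEADER = """
#include <cxxtest/TestSuite.h>
namespace demo {
// A comment mentioning class Bogus { must be ignored
class Base { public: virtual ~Base(); virtual int run(int (*cb)(int)) = 0; };
class MyTestSuite : public CxxTest::TestSuite, private Base {
    int counter_;
    void helper(int x) { if (x) reset(); }
public:
    MyTestSuite() : counter_(0) {}
    void testAddition();
    void testString() { TS_ASSERT_EQUALS("a", "a"); }
    struct Inner { void peek(); };
private:
    void reset();
};
}
"""


@dataclass
class ClassInfo:
    name: str                                   # qualified with enclosing namespaces/classes
    bases: list = field(default_factory=list)   # base class names as written
    methods: list = field(default_factory=list) # (access, method name), in declaration order


def tokenize(src):
    return [(m.lastgroup, m.group()) for m in _TOKEN_RE.finditer(src) if m.lastgroup != "skip"]


def _matching(toks, i, open_, close):
    """Index of the token that closes the open_ at toks[i] (last token if unbalanced)."""
    depth = 0
    for j in range(i, len(toks)):
        if toks[j][1] == open_:
            depth += 1
        elif toks[j][1] == close:
            depth -= 1
            if depth == 0:
                return j
    return len(toks) - 1


def parse_header(src):
    """Single pass over the tokens with a scope stack; one entry per open '{'."""
    toks, classes, scopes, i = tokenize(src), [], [], 0
    while i < len(toks):
        kind, text = toks[i]
        nxt = toks[i + 1] if i + 1 < len(toks) else (None, None)
        top = scopes[-1] if scopes else None
        # Class/struct/namespace head, but not 'class T' inside a template parameter list.
        if (kind == "ident" and text in ("namespace", "class", "struct") and nxt[0] == "ident"
                and (i + 2 >= len(toks) or toks[i + 2][1] not in (">", ",", "="))):
            j = i + 2
            while j < len(toks) and toks[j][1] not in ("{", ";"):   # ';' = forward declaration
                j += 1
            if j < len(toks) and toks[j][1] == "{":
                outer = [s[1] for s in scopes if s[0] in ("namespace", "class")]
                if text == "namespace":
                    scopes.append(["namespace", nxt[1], None, None])
                else:
                    bases, depth, after_colon, prev = [], 0, False, None
                    for k, t in toks[i + 2:j]:           # base list: after ':' and outside <...>
                        if t == ":":
                            after_colon = True
                        elif t == "<":
                            depth += 1
                        elif t == ">":
                            depth -= 1
                        elif after_colon and depth == 0 and k == "ident" and t not in _ACCESS and t != "virtual":
                            if prev == "::" and bases:
                                bases[-1] += "::" + t    # rejoin qualified names
                            else:
                                bases.append(t)
                        prev = t
                    info = ClassInfo("::".join(outer + [nxt[1]]), bases)
                    classes.append(info)
                    scopes.append(["class", nxt[1], info, "public" if text == "struct" else "private"])
            i = j + 1
            continue
        if text == "{":
            scopes.append(["block", None, None, None])   # function body, enum, etc.: ignored
        elif text == "}":
            if scopes:
                scopes.pop()
        elif top is not None and top[0] == "class":      # directly inside a class body
            if kind == "ident" and text in _ACCESS and nxt[1] == ":":
                top[3] = text
                i += 2
                continue
            name = None
            if text == "~" and nxt[0] == "ident":        # destructor
                i += 1
                name = "~" + nxt[1]
            elif kind == "ident" and text not in _NOT_A_METHOD:
                name = text
            if name and i + 1 < len(toks) and toks[i + 1][1] == "(":
                top[2].methods.append((top[3], name))
                i = _matching(toks, i + 1, "(", ")")     # skip the parameter list
                # Skip trailing qualifiers, '= 0' and constructor initializer lists up to the
                # ';' that ends the declaration or the '{' that opens an inline body.
                while i + 1 < len(toks) and toks[i + 1][1] not in (";", "{"):
                    i = _matching(toks, i + 1, "(", ")") if toks[i + 1][1] == "(" else i + 1
        i += 1
    return classes


def find_tests(classes):
    """CxxTest-style discovery: public test* methods of classes deriving from CxxTest::TestSuite."""
    return {c.name: [m for acc, m in c.methods if acc == "public" and m.startswith("test")]
            for c in classes if "CxxTest::TestSuite" in c.bases}


if __name__ == "__main__":
    found = parse_header(SAMPLE_HEADER)
    for c in found:
        print(c.name, "bases=%s" % c.bases, "methods=%s" % c.methods)
    print(find_tests(found))
```

On the sample header this reports `demo::Base`, `demo::MyTestSuite` (bases `CxxTest::TestSuite` and `Base`) and the nested `demo::MyTestSuite::Inner`, with `helper` and `reset` correctly marked private and `reset()` inside `helper`'s body not mistaken for a declaration; `find_tests` returns only `testAddition` and `testString`. Known blind spots, by design: operator overloads, methods hidden behind macros, and declarations produced by templates are not found.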