Mac Planet: NZ developer-ments

New Zealand has produced some stellar successes in app development, with interesting and rewarding (for the developers, as well as for users) apps emerging from those who have done courses such as those offered by the department of Computer Science and Software Engineering at the University of Canterbury, courses from places like Natcoll and the Media Design School, the Auckland University of Technology's Creative Technologies Interdisciplinary courses and other places, but no one institution has a singular focus on the field of developing apps, whether Apple or Android.

But initiatives across the country are changing the picture. Auckland's Unitec is the largest Institute of Technology in New Zealand, with 23,000 students enrolled across 165 courses.

A closer working relationship between Industrial Research Ltd and Unitec aims to deliver more and better work-ready high-tech workers to New Zealand industry.

IRL and Unitec Institute of Technology have signed a memorandum of understanding that will see the two organisations collaborating to link New Zealand industry with a greater level of training, and give students skill-sets for project work. IRL has been undertaking a range of initiatives aimed at ensuring the effective deployment and growth of Research and Development services.

R&D has been seen as a problem area for New Zealand industry with the National Government controversially scrapping a Labour-initiated program of R&D tax credits, but as a counter to that, National has recently announced 'co-funding agreements' which aim to push research along.

Another interesting - and much more app-focussed - development is New Zealand's first professional training programme for would-be App developers. It will soon be starting in Hamilton.

Probably NZ's most prolific apps company, MEA Mobile, has partnered with Prima Learning Ltd to open the country's first school entirely dedicated to app development.

MEA is best known globally for developing the iSupr8 retro video app for iOS and Android. MEA Mobile Director Rodney MacFarlane says the rationale comes from MEA Mobile not being able to find enough experienced people to fill the roles available, a problem it shares with other potential employers around the country.

Our unemployment rates are at record highs yet companies simply cannot find enough proficient app programmers to fill excellent roles in their ranks.

Prima is 100% owned by the Wintec (Waikato Institute of Technology) Foundation, a charitable trust.

To register go to the website and complete the enrolment details or call 0508 532 764.

Local app developers rely on events and conferences to broaden their skills, and Prima's General Manager Wayne Lim says app developers working in New Zealand sometimes take time off work and go overseas to get skills. But on the conference front, NZiDev was set up by Jade Corporation as a conference run in the BarCamp style by '(un)conference guru' Nathan Torkington. Basically, attendees of the iDev event set the agenda, then run the show.

Driven by the passionate iOS developers last year, NZiDev covered everything from security and encryption to start-up myths, and marketing and interface design. I have attended one - it was informative and, most of all, loads of fun.

iDev adds two pre-planned sessions this year; one from NZ marketing guru Ian Scherger on Rapid Fire Branding, and the other on the use of iOS for the blind in Let Your Apps Voice Be Heard from Jonathon Mosen, an avid, yet blind, user of all things Apple.

Find out more and sign up here.

Of course, some 'apps' are fairly simple and actually lead to web apps, which depend on internet connections to supply their utility. It's also an important sphere, with many NZ agencies (in particular, banks) putting out apps that tap mobile-tailored web apps. In Wellington, over 400 attendees are anticipated for Wellington's WDCNZ 2013 web developer conference, for which pre-registrations have just opened. The conference will be held on Thursday 25th July 2013.

This is the third year of the conference and WDCNZ 2013 will be held at a larger venue (Wellington's Michael Fowler Centre).

WDCNZ provides a community and support for web developers to share their experience of cutting code and delivering software, regardless of the languages and tools they use.

Conference founder Owen Evans says the web developer community in NZ continues to grow, reflecting the opportunity in business.

The core theme for WDCNZ will be front-end development (CSS, JavaScript, HTML), with a strong focus on gender diversity and minority, and a panel session discussing how the web can be made more accessible.

You can check out the video of content from WDCNZ 2012 online.

Finally, a developer is haring off on an African bicycle ride which you may be able to assist, as Daniel Wood from Digital Fusion will also be raising money for The Heart Foundation. He's riding his bike from Cairo in Egypt all the way to Cape Town in South Africa. That's a 12,000km trip that takes around five months to complete, from January. The Tour d'Afrique includes around 50 other like-minded nutters (I mean 'individuals') on the 11th year for the Tour.

Daniel says "Any amount is greatly appreciated! For companies who choose to donate, your logo and site link will go up on my site for the world to see."

You can follow the adventure through the website set up for the trip.

Good luck, mate. I will be thinking of you on my little 12km daily fitness bike trip around Auckland's inner suburbs. Anyway, altogether, NZ's strong presence in the world of app development is due a good push, with more opportunities arising to get yourself the skills you need to prosper - and, more importantly, for you to make some cool stuff we can use ... but it can all do with our investment in time, money and energy.

By Mark Webster

Microsoft fixes critical issues in Internet Explorer, Windows Kernel

Microsoft repaired critical remote code execution vulnerabilities in Internet Explorer and the Windows Kernel, issuing six security bulletins, four of them critical, in the software giant's November Patch Tuesday updates.

MS12-071 and MS12-075 are the two critical bulletins IT patching administrators should focus on the most, wrote Dustin Childs, group manager at Microsoft's Trustworthy Computing, in a blog post about the bulletin release. MS12-071 addresses three remote code execution vulnerabilities in Internet Explorer 9. A successful attacker could gain the same rights as the user, so accounts with fewer rights could be impacted less than those with administrative privileges. The patch will require a restart.

"Internet Explorer gets an update, but it's only IE9, [and] not many people in the enterprise have it yet," said Wolfgang Kandek, CTO at Redwood City, Calif.-based Qualys Inc. He added that enterprises that run IE9 on company devices should definitely prioritize this update.

MS12-075 fixes three vulnerabilities in the Windows Kernel, the most severe of which could allow remote code execution if a user opens a malicious document or visits a malicious webpage with embedded TrueType font files. Kandek said although the font issue can have a serious impact for users, this particular exploit will be difficult for an attacker to figure out. This puts MS12-075 in contrast with the Internet Explorer flaws, which Kandek said are easy for attackers to reverse engineer.

A restart is required to apply the updates in MS12-075. The bulletin applies to all supported versions of Microsoft Windows.

The four critical vulnerabilities are rounded out by MS12-072 and MS12-074. MS12-072 addresses two vulnerabilities in Microsoft Windows that could allow remote code execution. To be affected, a user would have to visit a specially crafted briefcase in Windows Explorer. The patch requires a restart.

MS12-074 fixes five vulnerabilities in the .NET Framework, including one that could allow for remote code execution. To be successful, an attacker would have to convince the targeted operator to use a malicious proxy auto configuration file so the attacker could then inject code into the running application. It may require a restart.

The fifth bulletin, MS12-076, was only marked as important. However, Kandek said the ubiquity of the affected software, Microsoft Excel, makes this vulnerability important for enterprises. MS12-076 resolves four vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file with an affected version of Microsoft Excel. Kandek pointed out that since Excel is used so frequently in the workplace, many employees at enterprises would open an Excel attachment in an email as long as it wasn't worded too suspiciously.

The final bulletin, MS12-073, was classed as moderate. It patches vulnerabilities in Microsoft Internet Information Services that could allow information disclosure. Applying the update may require a restart.

Last month, Microsoft announced in Security Advisory 2749655 they would be issuing re-releases of updates that were initially given an incorrect signature timestamp. The first two updates were made available in November's patch: MS12-046 for Visual Basic and MS12-062 for System Center Configuration Manager 2007.




David Strom: Why Online Advertising Has Many Benefits & Challenges For Small Businesses

From David Strom

If you run a small business and aren't an expert in online technologies, you will end up in one of three situations:

  • you will quickly learn how to do some of the more important aspects of online marketing yourself,
  • you will pay a lot of money to people who are experts in taking your money and little else, or
  • you will ignore the online world and continue to wallow in your Luddite-ness while others are building their businesses.

Here is my guide on how to avoid the latter two end states and get smarter about online marketing.

I have been spending time with a friend of mine who owns her own retail interior design business. Earlier this year, she decided to grow her business using online marketing. Over the past several months, she has acquired new customers and found her niche. But it hasn't been easy. She has had to attack the online world on several fronts, and develop an expertise in Google AdWords, Houzz.com, HomeAdvisor.com, and Angie's List. She needed to beef up a simple WordPress-based website, and learn how to screen consultants offering her a variety of deals, some pricey, some ineffective, and some that were just plain scams.

Let's start with the website. Any retail business today needs a solid website that shows their product, contains recommendations from satisfied customers, and makes it easy for a potential customer to research the firm and understand what products and services are offered and at what price points. I told my friend to look around the Web and find a couple of local sites that she liked and then call the business owners and find out who developed the sites. With one restaurant, the site was beautiful but it was $40,000. Another consultant wanted $4,000. Nice but still a bit pricey, and this consultant wanted to build a site from the ground up in Drupal, which I doubted my friend could maintain over time. She ended up with a third consultant who used a nice WordPress template. That was attractive because she already had some familiarity with WordPress and could make the changes herself. Total spend so far: $1,000.

To populate the website, she needed photos of her work. She found a budding photographer who could do appropriately lit interior shots at low cost, and would send her digital images along with watermarks to distribute online. Another $1,000.

Then she heard about Houzz.com, a wonderful social media site. Designers post their pictures of their rooms and objects in them; the public indicates their preferences. Clients post their reviews of both. In the past, my friend has had to carry around a looseleaf notebook filled with clips from shelter magazines for her clients to indicate a preference. Now she can do it digitally.

But Houzz and other specialty communities like it have another function. By writing comments on these discussion forums, she is sharing her knowledge with the people most likely to hire her. It doesn't cost her anything to participate in these forums, other than her time, and she is reaching a ready-made audience of thousands of customers. As a result, she has gotten new clients and her work has been featured in regional design magazines.

The next step was expanding her reach to other places that people would look at when hiring a designer. Here sites such as HomeAdvisor and Angie's List come into play. There are a variety of rules and regulations for each site, and how you get recommendations posted on each. Part of the trick here is again finding the right specialty sites that have the best fit in your particular market segment.

The next step was understanding and using Google AdWords to create a series of paid search ads that would direct visitors to her website. This is an entire world unto itself, and required spending some money and experimenting with various ad campaigns, keyword selection, and geo-targeting her ads. A good place to read about this world is in a series of posts by small business owner Paul Downs about his furniture making business on the NY Times Boss blog: http://boss.blogs.nytimes.com/tag/my-adwords-debacle/

Downs writes, “Basic ad group maintenance requires checking how many e-mail inquiries we get, whether the click-through rates are comparable to the overall campaign, which keywords generate the most traffic, and whether the ads are being triggered by searches that are relevant.” He adjusts his keywords constantly to tune his AdWords spending, even creating negative keywords to prevent wasting money. Part of the challenge here is in understanding what you are paying for, too. Google “tells you what level of spending - the maximum recommended amount - it would take to buy the rest of the clicks. What it leaves out is that the additional clicks you buy may not be of sufficient quality to result in additional sales.”

Part of Downs' marketing pipeline is taking the inquiries from his paid search campaigns and qualifying them. He has two salesmen that use a ten-question survey to ask what kind of furniture they want to purchase. He then produces a classy proposal that is easy to understand and can be passed up the decision food chain to the ultimate decision-maker, without tying up a lot of his time in the process.

The challenge of AdWords is in the amount of data you have to look at to understand what you are doing, where you are spending your money, and how to improve your campaigns. “Beyond the most important number (monthly sales), I look at Web site traffic; the number of inquiries coming in each day, week, and month; the number of proposals written; and how much each salesman contributes to these totals.”

Downs' business was humming along until earlier this year, when he introduced a new and lower-cost product. After months of seeing his total sales volume drop, he realized that he was wasting his Google AdWords spending on clicks from non-profits and schools, forgoing clicks from bosses and less price-sensitive potential buyers. “By all of its own metrics, the AdWords campaign was a home run. I had received lots of impressions and bought lots of clicks. The only problem was that these apparently were the wrong clicks…. My AdWords spending was going to the wrong people.”

Downs spends several hundred dollars a month on his campaigns; my designer friend has a similar budget but varies it based on her availability and how many new clients she is taking on: she doesn't want to grow too fast. She also runs short-lived campaigns because she has found that her clients are only shopping online at certain times. This improves her ad placement (the more you spend, the higher your ad ranks on the results).

As you can see, setting all this up is time-consuming, and does involve some cash outlay. You can certainly spend more and get an “SEO expert” and you can certainly spend almost no money and get something that doesn't really deliver. The trick is finding that middle ground where you are comfortable and yet can continue to sustain or grow your business at the rate that you want.

Still to come: writing a regular blog that will feature her clients and some of her thoughts on design, and spending more time developing a following on Houzz et al. And probably an email newsletter too. It is an on-going process. None of these things cost a lot of dough, though: just time.

Part of what is going on here is balancing each of the different online tools to create what Downs calls your own business narrative: “Every day I tell myself a story about what is going on with my business, and I draft future chapters that help me decide what to do next.” The trick is making sure you don't go too far afield and you can explain the results that you see from the various reports.



Real-Time Facebook Analytics: PageLever

Businesses that use Facebook to reach consumers are constantly looking for ways to maximize their impact and their reach. To do this, you need to learn more about the social media habits of your target audience. There are plenty of analytics tools available to help businesses do just that, but not all of them give users a constantly updated view of their data so that they can really make the most of their efforts.

PageLever, an analytics provider that gives brands insights into their Facebook Pages, has just released a new tool that gives visual insights into Facebook page data in real time.

Facebook updates the raw data from pages about every 15 minutes, so PageLever takes that data and puts it into usable charts and graphics so that brands can easily make sense of the analytics data provided by the site.

In the above photo, you can see the charts depicting what times and which posts receive the most views and interactions. Below the chart, PageLever also includes some numerical stats such as number of comments, shares, and clicks, as well as any posts from users that have yet to be viewed by a page admin.

Of course brands have a number of options for seeing how many users are interacting with posts and when, but seeing this data after the fact can potentially take away some of the options for businesses looking to capitalize on the popularity of particular posts.

For instance, if a business notices that a post from fifteen minutes ago is gaining an unusual amount of views and other interactions, it could amplify it even more by purchasing a Promoted Post ad while that particular post is still relevant.

It can also help brands learn about their popular posts, the demographics of their network, and when, in general, their posts reach the most users, but this can technically be learned through analytics services that don't give real-time results.

PageLever isn't the only analytics service providing information in real-time. Google Analytics, which offers free insights, is just one example of a service that also updates in real-time.

However, PageLever is focused specifically on Facebook insights, so some of the more specific analytics features might prove to be valuable for companies that use Facebook often. PageLever plans start at $99 per month.




Military Grade Email Security for Your Small Business

When you send an email, 99% of the time it is visible to anyone who has access to the servers it travels through. Even after hitting delete, your email might remain intact on the internet for years, if not indefinitely, depending on the backup policies of the server owners.  Unless you are currently using an encryption suite for your corporate or personal matters, you fall under the 99% of people who are currently conducting business out in the open.

Although email encryption has been notorious as a lengthy process which usually involves installing cumbersome software and worrying about public and private encryption keys, today there is a fresh piece of software available, which streamlines the entire encryption process on both desktop and mobile devices.

Enlocked works as both a plugin and internet application, allowing users to bypass the need to download additional software when viewing files.  This is a feature crucial for road warriors who don't always have access to their own computers. After installing Enlocked on your main machine, users simply have a “Send Secured” button right next to the typical send button. By clicking “Send Secured”, Enlocked then works behind the scenes to encrypt the email and push it through their secured servers to the intended recipient.

To access secured emails, recipients are given the option of downloading the Enlocked plugin or viewing the emails through a secure web interface. The process is simplified through the fact that when a user first receives an email secured by Enlocked, they are shown a message explaining how to download and install Enlocked or how to access the email through the online portal. If a user already has the plugin installed on their system, the email will be decrypted automatically without any action from the user.

Despite the ease of use, Enlocked uses Pretty Good Privacy (PGP) as the encryption system for all its emails. For those unfamiliar with technical jargon, PGP is a top grade industry standard of encryption which has been on the market for decades. In fact, PGP has never been cracked, and the standard has been cited by major computer security experts as the closest form of encryption civilians can get to military grade security.

When it comes to security, Enlocked streamlines user authentication by not requiring users to create another username & password for the system. Instead, users simply log into their email accounts and Enlocked then authenticates automatically.

Overall Enlocked appears to be a very promising piece of software, as it packs industry leading security in a package simple enough for small businesses to embrace. Enlocked is currently a free service and is a free plugin available for: Firefox, Chrome, Internet Explorer, Safari, and Outlook. It also is available as an app for Android and iPhone. As of the time of writing this article, the Blackberry version is still in beta.



BYOD challenges deter enterprises from adopting policies, survey finds

The effects of the bring your own device trend are deterring some companies from implementing formal policies to address it head-on, according to a new survey from Broomfield, Colo.-based security firm Webroot Inc.

One of the biggest concerns IT professionals will have with their user base is lost devices.

Armando Orozco, senior threat analyst, Webroot Inc.

According to the Webroot Business Mobile Security report, 56.5% of mobile security decision makers with bring your own device (BYOD) implemented at their companies said managing the security of employees' devices is challenging. Webroot gathered the results through an online survey of 725 endpoint and mobile security decision makers from companies in the U.S., U.K. and Australia that responded.

The mixture of laptops, mobile phones and tablet devices with multiple platforms and multiple product versions in the market has created pressure on CISOs and IT security teams to find ways to secure them, said Armando Orozco, senior threat analyst at Webroot. The survey found that 62% of companies with company-owned or employee-owned mobile devices reported significant increases in demand for help desk support to repair, replace or manage the security of the smartphones and tablets in the company.

The complicated BYOD challenges may be deterring some companies from installing any plan at all. Fifty-six percent of those surveyed indicated that they are very or extremely concerned about mobile threats but have no plans to implement a policy. Regulatory compliance also is not motivating firms to take action: Thirty-one percent are worried about compliance with industry regulations but have no plans for mobile security.

In addition, 31.6% said the cost savings and productivity gains from allowing employees to use their personal mobile devices at work outweigh the security risks.

"One of the biggest concerns IT professionals will have with their user base is lost devices," Orozco said. That concern is well established. In the survey, participants identified lost or stolen devices as the most common problem; 43.5% of decision makers said their companies experienced this issue in the past year.

Mobile security decision makers at companies that have implemented security controls had stronger concerns about mobile threats. Mobile malware infections are a chief issue because of fears over loss of company or customer data and compliance with industry regulations.

The effects of mobile threats on companies were also high. In the past year, 60.2% of companies required additional IT resources to manage mobile security. Fifty-five percent said employee productivity decreased due to threats.

These numbers included companies with and without mobile security. When the groups were separated, companies with no mobile security reported higher numbers, but not by much. Sixty-three percent of those without mobile security needed additional IT resources to manage security, compared to 57.5% of those with mobile security.

Overall, endpoint security is still more highly valued than mobile security, with 79.6% of companies rating endpoint security as a high priority and 48.9% saying mobile security is a high priority.




Sales Lessons From The 2012 Election

What I am about to say is not a political statement. I am neither a Democrat nor a Republican. I look at the results of the 2012 election through the prism of business and sales practices. To me, there are stark lessons that can be learned by sales people and small business owners.

Let's start by taking a look at what happened.

On November 6th Americans cast their votes for who they wanted as President and Vice-President of the United States. All of the information available at the time showed that 49% of the population was going to vote for the Democrat and 49% of the population was going to vote for the Republican. That left only 2% up for grabs. That 2% was the Independents and it became a target market.

When we decide to prospect we should start with understanding the value of our product or service. What is it about our offering that is of value to our clients? Why do people buy what we have to sell? What problem does it solve? It is this understanding that helps us identify appropriate target markets. “Appropriate target markets” is the key here. You can't sell something to someone who doesn't see value in it.

At the same time, if you don't deliver your message effectively, even the “appropriate target market” won't hear it. So, you can see that there is a lot to selling effectively.

When we look at the 2012 election we see the following:  The Democrats understood the target market better than the Republicans. They developed a message that the Independents heard and understood. The Independents ‘bought' the value the Democrats were ‘selling.' And so, the Democrats won. Get it?

It's not a political statement. I'm not talking about whether one side has more value than the other. I'm talking about how they each went about the process of prospecting to that target market and what the results were. It may be that the 2% wasn't a viable target market for the Republicans.

If we assume that they understood their value and messaged it, well then the results indicate the target market didn't need what they had to sell; the Independents, therefore, were not an “appropriate target market” for the Republicans.

If we assume that the Republicans were thinking first about winning over the target market and not about their value, then we can conclude that they proceeded with a message that wasn't based in value as the target market would see it. They decided that they were going to share their message and convince people that it was valuable.

They weren't, in this case, thinking about solving the problem of the target market. They were thinking that their message was compelling and people would hear it. Unfortunately, that's not how it works.

So, what can you do with this information? Learn the lesson and create a sales strategy that works:

1. Understand Your Value

Know why it is that people need what you have to sell. Don't get caught up in what you want them to know. Think about things from their viewpoint - what they want to know. What do they need to solve their problem? Do you have that thing?

2. Identify Appropriate Target Markets

You can't sell to people who don't need or want what you have to sell. And you will waste your time if you decide to pursue the wrong markets. Once you understand your value, identify the target markets that will see it.

3. Message To The Market Directly

Make sure your message is pointed to a specific target market. In order to be heard, you should pick one target at a time to prospect to. Your message should speak directly to them so they hear it.

When you realize that the only people/companies that will buy what you have to sell are those who need it, you'll spend your time prospecting to them. And once you identify who they are, help them solve a problem. Then, and only then, will they want to do business with you.

Learn the lessons from the 2012 election. Don't sell to inappropriate target markets. Do message effectively to appropriate target markets.

Election Photo via Shutterstock




App of the Week – Weave: Letting Users Weave Business and Personal Life Together on iOS

Weave is a new iOS app that is letting small businesses, as well as consumers, keep track of to-dos from the convenience of their Apple device.

Weave is a highly-rated new app from Intuit, Inc. that offers much more than simple “to-do” task management. The app goes where the user goes, allowing them to harness the full set of features found in Weave throughout the day.

A quick look at some of the features found in Weave includes:

  • Create to-dos with optional notes, due dates, and alerts.
  • Manage activities with reminders and high-priority indicators.
  • Share projects and tasks with other Weave users, and allow anyone to make edits and update progress.
  • Send email updates directly to non-Weave users to keep them posted on the progress of a project.
  • Track income and expenses in multiple currencies, along with time spent on any given activity.

Weave brings its powerful features to iPhone and iPod Touch users in more than 100 countries. The app lets anyone create a central hub for keeping everyday life organized. The app is ideal for small business owners wanting to monitor task completion, parents wanting to keep track of family events, or any number of other routine activities. Check out this quick video showcasing how you can use Weave to manage tasks:

“It's not surprising that so many people around the world use Weave, given we all have tasks in our lives that we could do a better job of managing,” said Dan Wernikoff, senior vice president and general manager of Intuit's Financial Management Solutions Division. “Juggling work and personal commitments is difficult, so we designed this intuitive and beautiful application to simplify the business of life.”

You too can benefit from the intuitive feature-set found in Weave. Weave is available for free from the App Store or at www.itunes.com/appstore. The app works on iPhone and iPod touch, including iOS 6 and iPhone 5.



Enterprises at core of vendor software security testing, Veracode finds

Formal software testing programs are lacking at many enterprises, but the trend is moving in the right direction, according to application security vendor Veracode, which conducted an analysis of software submitted to its code scanning platform.

The volume of vendor supplied software security assessments is growing and Veracode said the increase is being fueled by customer demands from enterprise clients.

A decade ago many enterprises had teams of developers to build custom software, but today many companies rely on third-party firms for application development, said Chris Wysopal, a noted software security expert and CTO of Veracode Inc. Enterprise CISOs are learning that they need to gain visibility and some level of control of the development process, he said. "Today companies either buy software from a specialized vendor or outsource the development of custom software," Wysopal said. "It's almost always the case that the customer is forcing the review process to happen."

Burlington, Mass.-based Veracode reviewed 939 application builds submitted to its software security testing platform during an 18-month period from January 2011 to June 2012. The number of requests for a code review of vendor-supplied software remains relatively low. Fewer than one in five enterprises have requested a code-level security test from at least one vendor. However, the volume of vendor-supplied software or application assessments continues to grow, with a 49% increase from the first quarter of 2011 to the second quarter of 2012.

The analysis found that 38% of vendor-supplied applications complied with enterprise-defined policies. Many common coding errors exist in the software, and some of the most prevalent vulnerabilities in vendor applications appear on industry lists of the most dangerous flaws, Veracode said.

Veracode detected many common coding errors from cross-site scripting (XSS) flaws to SQL injection errors. Four of the top five flaw categories for Web applications are also among the OWASP Top 10 most dangerous flaws, Veracode said. Of the 939 application builds submitted, 78% contained information leakage, 71% had XSS errors and 67% had cryptographic errors.

Wysopal said enterprises that develop a formal code review process for custom-built or third-party software are going to be able to assess a greater number of applications. The result is applications that are less vulnerable to attacks. The study found that 62% of applications fail to reach compliance on first submission. Wysopal advocates for a mixture of static and dynamic code analysis. A manual review is even better, but very costly because it is time intensive, he said.

"The whole thing is driven by enterprise policy," Wysopal said. "The enterprise has to put policy in place to outline the criticality of defects that are required to be fixed and a certain time frame to get them fixed."

The only drawback with a cloud-based application code scanning service is that the findings and vulnerabilities are in a third-party's systems, said Phil Cox, director of security and compliance at Santa Barbara, Calif.-based cloud management vendor RightScale Inc. "You've extended your trust boundary," Cox said.

Nick Selby, CEO of Southlake, Texas-based StreetCred Software Inc., said customer demands have driven the need for his firm to get its software appliance thoroughly tested through an application code review and pen testers. The firm's appliance taps into various law enforcement systems collecting sensitive data that needs extra layers of protection, according to Selby.

The software and pen testing reports help reassure customers that the company takes security seriously, said Selby, an information security consultant and former Texas police officer. "We wouldn't have done it any other way," Selby said. "This is about establishing trust with our clients."




Getting Ready To Operate A Business

Once you've incorporated a business as a legal entity, written a business plan, and laid the groundwork to start selling to customers, it's time to start thinking about the reality of how to operate a business. Think through the basics of your small business operations, everything from office space to finding advisers to hiring employees.

Small business success isn't just about having a great business concept and having a lot of inspiration and passion (although these things are important). It's also about doing all the “little things” right, day in and day out, to operate a business, build strong customer relationships and keep your business thriving over time.

Here are a few steps on your journey to operate a business after starting a new one - and every step gets you closer to the first sale:

Outfit Your Business with Office Space, Equipment and Supplies

There's an old saying in the real estate business: selling homes is all about “location, location, location.” Depending on the type of business you're in, choosing the right location can make or break your business. If you run a retail business, being in the right location can make the difference between getting lots of foot traffic and plenty of spontaneous visits from new customers, or being overlooked.

Even for non-retail businesses, choosing the right location with well-outfitted office space can make an important difference in creating a comfortable, energizing work environment. After all, your office will be your “home away from home” as you launch your business. If you run a manufacturing business, now is the time to get your equipment in place and make arrangements with suppliers to ensure efficient ongoing operations.

Build Your “Outside Team” - Hire Good Help

Every business needs a team of trusted advisers to help negotiate the complicated details of legal compliance, taxes, accounting and other topics that are outside the business owner's immediate expertise. Most companies, no matter how small, will be well-served by finding a good business attorney, a banker and an accountant.

Many entrepreneurs are confident, energetic and eager to learn - but the fact is, no matter how smart you are, you can't be an expert in everything. Instead of taking time away from your business to sort out every last detail of accounting or legal compliance, you need to learn to delegate and get help when needed.

Your business lawyer can help offer legal advice and help you stay in compliance with regulations. Your business accountant can help you manage cash flow, read your balance sheet, make your estimated quarterly tax payments and file your tax returns. Forming a personal relationship with a business banker can help you get set up with bank accounts and get access to lines of credit as you continue to grow.

The best way to find expert business advisers is to ask for referrals from other small business owners. CorpNet™ can be an integral part of your “outside team.” We don't offer tax prep help or legal advice - but we can serve as your “outsourced business filing team.”

Build Your “Inside Team” - Hire Employees

Nothing gets done without employees. Hiring the right people, with the right pay and incentive structures, can help your business grow faster than you ever could have imagined. It's best to start small and try to avoid hiring more employees until there is enough demand to cover the cost of the extra salaries. As part of hiring employees, you also need to create a day-to-day management plan and job descriptions to make sure you can keep your employees productive and motivated.

Learn the Rules - Educate Yourself on Employment Laws and Regulations

Once you hire employees and officially become an “employer,” you are undertaking an obligation to comply with many employment laws and regulations, at both the state and federal levels. Unfortunately, many fast-growing businesses overlook the details of employment law - and they do so at their own peril.

Do yourself a favor and spend time with an employment law professional to understand your obligations as an employer in such areas as federal and state payroll and withholding taxes, self-employment taxes, anti-discrimination laws, OSHA regulations, unemployment insurance, workers' compensation rules, wage and hour requirements, among others. You want to make sure you're treating your employees fairly and complying with the law. Even a well-intentioned mistake or oversight can result in significant liability or fines for your company.

Get Business Licenses and Permits

Depending on the type of business you are operating, you may be required to obtain one or more business licenses and/or permits from the state, local (city and county) or even federal level.

Depending on the type of business and the laws of your jurisdiction, these can include, among others, a general business operation license, zoning and land use permits, sales tax license, health department permits, and occupational or professional licenses.

At CorpNet™, we can provide assistance in this area through our business license services. Read more about how CorpNet can help you get the right business licenses for your company.

Get a Tax ID Number

If you're a sole proprietor or individual paying taxes, you can file taxes with your Social Security Number. But once you've incorporated as a corporation or LLC, and/or once you've hired employees, you need to apply for a federal Tax Identification Number. The tax ID number is also called an Employer Identification Number, or EIN. It is like a Social Security Number for your business and is used by the IRS to identify your business for tax matters. You may also need a similar ID number from your state. Obtaining Tax ID numbers is yet another area where CorpNet™ can help. Read more about how CorpNet can help you get a Tax Identification Number for your business.

Buy Business Insurance

Running a profitable business is not only a matter of earning revenue and paying bills - it also is important to protect yourself against catastrophic expenses. Carrying insurance for various aspects of your business can help you avoid the worst-case scenarios of running a business - for example, liability insurance can protect you in case of a lawsuit. Your specific needs for business insurance will vary depending on the type of business, availability of insurance, and your business's specific risk factors. Consult with an insurance agent who understands your specific industry and who has sold insurance to other businesses in your field.

Prepare Your Marketing Materials

Now that all of your legal “ducks are in a row,” and you have an official licensed business with a unique (and/or trademarked) business name, you can check off the final item on our Countdown list and create marketing materials. High quality marketing materials - including a well-designed logo, website, stationery, business cards and marketing brochures - will help you project a professional image. You want customers to know that your business is a legitimate, credible “serious” organization. High quality marketing materials will help you put your best foot forward to make a strong first impression with customers.

Are you getting more excited to operate a business? Soon you'll be ready to open and start helping customers. In our next article we'll discuss a few other financial and legal matters that every smart entrepreneur needs to know about.




A Trail of “Breadcrumbs” Leading To Restaurant Success

The power of mobile device Point Of Sale utilization is now at the fingertips of the hospitality industry - namely, restaurants, bars, cafés, and other service-oriented businesses. If this is your business and you're looking for ways to simplify, here's a little something for you.

A few weeks ago, the deal-mecca website Groupon announced a new service called Breadcrumb. The imagery of this name might generate thoughts of chaotic patterns of food debris everywhere, but the service it offers is anything but chaotic. In its own words, “Breadcrumb builds everything you need to run a full-service restaurant or bar.” This includes menus, routing orders to kitchen stations, printing, and running cash drawers. It also gives management the tools to track costs such as labor and food inventory, which can be delivered via e-mail so being away means not being out of touch.

Breadcrumb offers a full suite of service, including 24/7 technical support and training to get up and running with the system, which sounds pretty good considering plans are fairly low-cost for smaller businesses ($99 a month for one iPad, to $399 a month for up to ten iPads). However - and this is a big however that should be made clear up front - the plan does not include the cost of hardware, such as the actual iPads, printers, or anything else related; it is only for the software and the support that goes along with it. The cost per month is also per venue, meaning for each restaurant/café location, so if you own more than one and want this system, you'll need to pay that price for each location.

Considering that the restaurant industry is one of the more close-shaven businesses out there, leaving very little room for profit, this might not even be in the ballpark for consideration. Think about the possibilities, though, for any kind of automation of your order-taking business. This system has many features, including ingredient management, course creation, and real-time table organization.

Also, consider the 'cool factor' from your customers' perspectives. Having their waitstaff take their order on an iPad is still not something you see every day (I've yet to see it myself, anywhere) and could give you good buzz via word-of-mouth. Orders would be easier to manage and less likely to be accidentally messed up.

Information such as the ingredients of a particular dish can be immediately called up, which would be a boon especially for new staff that might not be familiar (or just can't memorize it all). Customers can also pay with a card right there at the table, instead of handing it over to be taken off to a station somewhere, out of their sight. The speed at which all of this flows together will potentially make any staff work faster and more efficiently.

In a business where you're trying to get an inroad with your customers, making your team work more efficiently and with better service can only be good for your bottom line.



5 Things Your Website Should Do

Your website is the face of your business on the Web. It's what greets your customers when they decide to check you out or get more information. It conveys your message, shows them what you're about, and is often their first point of contact with your brand.

So are you using your site effectively? Or are you giving off a tone and impression you may not even be aware of?

Lately, I've been spending a lot of time talking to business owners about the current state of their website and what it is (or is not) saying to consumers. While we all do our best to prepare for the start of 2013 (yes, this is already happening), below are some reminders of the key objectives your website should serve.
Your website should:

1. Tell your story

A visitor to your website is looking for information about your product or services to make a more informed buying decision. But that's not all they're looking for. They're also looking for you. The messaging, visuals, and types of content/features you put on your website play a vital part in telling potential customers who you are and revealing your brand story.

Social media has turned us all into voyeurs. We don't just want to know why you're competent at your job, we want to know what moves you. If I'm looking for a new lawnmower, there are hundreds of sites on the Web to choose from. I'm on your site hunting for cues as to why you are the company I should support. Your website needs to answer WIIFM (“what's in it for me”) while giving me something to relate to and support. Maybe it's that you excel in customer service. Maybe it's that you donate 10 percent of your profits to a particular cause. Maybe you're a family-owned business. All of that information is going to be taken into account when I look to make a decision.

I'm looking for it, but are you giving it?

2. Address Core Business Goals

Many times in the excitement/rush of putting up a new website, we grab a template, throw together some content, and let it loose without giving much thought to the purpose of the site or what we're trying to accomplish. We think having a site that just exists is better than having no site at all. But what's the point of having a marketing tool if you're not benefiting from it? It's a wasted resource.

Your website should be looked at as an extension of your company, and tasked with achieving the same type of goals that surround your business. The goal of your site may be straight lead generation. Or it could be to get someone to pick up the phone or fill out a form. Or maybe it's just to inspire donations or point users down some other path. You need to identify what your core goals are so that a solid conversion path can be created and built into your site.

3. Educate

Beyond the goals you identified above, one of the main benefits of your website will be to educate your audience. Your site will stand to not only inform them about your services, but to provide knowledge and insight about your industry or topics related to whatever it is you do. By doing this you'll be able to establish yourself as a true resource. You may choose to educate your audience through status updates, through a blog, a newsletter, creating videos, or just sharing links to third-party websites. Whatever it is, work toward building your site up as a place for industry education. That's how you'll stand out and attract an audience that keeps coming back.

4. Show off your assets

There's nothing more frustrating for me than meeting with a client who appears to be purposely hiding their most interesting assets. They're on Twitter, on Facebook, on YouTube, they're blogging, and they're creating content that is worthy of sharing. But then they're either hiding it on their site or they're not putting it on their site to begin with.

  • You work hard to create awesome stuff. Show it off!
  • Do you attend industry conferences where you speak on topics related to your business? Show people this.
  • Do you create video tutorials designed to walk people through common problems? Make sure people can find it.

Often, we're sitting on a goldmine of content assets that we don't even realize. Pull these things out of the basement, dust them off, and make them part of your website. Sometimes the best assets you can create are things you already had but didn't do anything with.

5. Create an Experience

Ultimately, this is what everything above leads to - creating an experience around your brand that your consumers will enjoy. If people enjoy their interaction with you, they'll be back. If they don't…they probably won't.

Those are five things I always look for when analyzing corporate websites. How are you using your site in interesting ways?




Five Tools That Turn That Stack of Business Cards Into Electronic Files

In an increasingly mobile world, paper business cards seem outdated. They end up in your glove compartment, tucked into compartments of your wallet, and in the pocket of your jacket. Still, businesses need a way to easily exchange contact information and VCards can be tricky if your colleagues have never used the technology before. Thanks to modern smartphone cameras, you can scan and save business cards into your phone, where you'll always have them handy. Here are five great software solutions to turn your smartphone into a business card scanner.

  • WorldCard HD - Now available for the iPhone and iPad, in addition to Android devices, WorldCard HD is award-winning software that allows users to scan a business card using the phone's camera and, through Optical Character Recognition, have the information converted to text and transferred to the user's contact list. The software also allows you to transfer information from a user's e-mail signature and find contacts from social media sites, and supports batch card processing and Google Map connectivity. WorldCard HD costs $14.99.
  • Google Goggles - The Contact feature of Google Goggles allows you to scan a section of a business card and add the text on that section to your contact list. Best of all, the app is free. However, be aware you get what you pay for. Text recognition is spotty, so you may end up correcting so much of the information that it would have been easier to enter it manually.
  • Abbyy Business Card Reader - With OCR that is accurate and available whether the user is online or off, Abbyy Business Card Reader is $4.99 for iOS or $9.99 for Android. Abbyy also makes Abbyy FineReader for scanning documents as editable text.
  • CamCard - The big standout feature of CamCard is its ability to scan and import multiple cards at once. The screen fills up quickly, though, and navigation can be complicated, especially as one edits more advanced options. BlackBerry users may want to investigate this option, however, since it is one of the few business card scanning apps for that device. Android and iOS are also supported.
  • ScanBizCards - ScanBizCards allows you to easily manage your scanned business cards, exporting them to Excel and allowing you to create business card groups. ScanBizCards may be ideal for those who use SalesForce, since the interface allows for easy exporting of data. The app is $6.99 for iOS and Android and $3.49 for the Windows Phone. Currently, VistaPrint is offering free access to the premium version of ScanBizCards with the purchase of business cards from its site.

For small business owners interested in making it easy for others to store and save their business cards to their smartphones, consider a QR Code Business Card, available from Zazzle. While you can control the automation of your business card storage, there are still many others who are a little further behind on their technology. By creating an easy way for your information to be added to their contact lists, you may give yourself an edge over the competition in your field.



Virtualised next-generation firewalls and new OS offered by Palo Alto Networks

Palo Alto Networks has announced the launch of a virtualised next-generation firewall platform and a new operating system.

According to the company, the VM-Series is a virtualised next-generation firewall platform that brings next-generation network security into the virtualised data centre environment.

Lee Klarich, vice president of product management at Palo Alto Networks, said: “With this release, we enable next-generation firewalls to help organisations with securing traditional and private cloud infrastructures from a growing array of threats, including unique, modern malware.”

Also launched is the PA-3000 Series next-generation firewall for enterprise users, comprising the PA-3020 and PA-3050 that deliver next-generation firewall capabilities at up to 4Gbps of App-ID throughput.

Supporting the new launches is PAN-OS 5.0 that the company said adds management capabilities to the virtualised data centre solution, allowing enterprises to tie user and app-based policies to virtual machines or server deployments via cloud automation or orchestration tools.

Finally, a new management appliance, the M-100, offers a dedicated appliance for the Palo Alto Networks Panorama management system to offer centralised control over a network of next-generation firewalls and distributed log collection capability for large-scale enterprise deployments, the company said.



Externally developed applications fail compliance tests and do not comply with standards

Around two-thirds of mission-critical applications are developed externally and are not compliant with industry standards.

According to a study of 939 application builds across 564 distinct applications submitted to Veracode between January 2011 and June 2012, SQL injection (40 per cent) and cross-site scripting (71 per cent) remain among the most prevalent vulnerabilities in third-party vendor applications. However, few organisations have formal programs in place to manage and secure the software supply chain.

Veracode's annual State of Software Security Report found that 38 per cent of vendor-supplied applications complied with enterprise-defined policies, while 30 per cent complied with CWE/SANS Top 25 industry-defined standards and only ten per cent complied with the OWASP Top 10.

The report also found that 62 per cent of applications fail to reach compliance on the first submission and few enterprises have application security testing programs in place, yet the volume of assessments within organisations is growing.

Chris Eng, vice president of research at Veracode, said: “The widespread adoption of third-party apps and use of external developers in enterprises brings increased risk.

“We are beginning to see signs that enterprises are recognising and addressing these risks. However, organisations still assume too much risk when trusting their third-party software suppliers to develop applications that meet industry and organisational standards. There is still much more work to be done to adequately secure the software supply chain.”

Wendy Nather, research director at 451 Research, said: “Today, every organisation is an extended enterprise, with third-party software a fundamental layer in the software supply chain.

“It's critical that organisations develop security policies when purchasing software from outside vendors because of the risks inherent in using third-party applications, yet few are actually demanding security compliance of their suppliers.”



Lockheed Martin admits to growth in number of attacks on its networks

Defence contractor Lockheed Martin has reported a 'dramatic growth' in the number and sophistication of cyber attacks on its networks.

According to Reuters, the attacks are 'international' and attackers were clearly targeting Lockheed suppliers to gain access to information since the company had fortified its own networks.

Chandra McMahon, Lockheed vice president and chief information security officer, said about 20 per cent of the threats were considered to be advanced persistent threats (APT) and had increased dramatically over the last few years.

Rohan Amin, Lockheed program director for the Pentagon's cyber crime centre, said that internal analysis showed that the number of campaigns had clearly grown, and multiple campaigns were often linked.

The company suffered an attack in 2011 as a result of the attack on RSA, with McMahon also saying that the attack was due to the compromise of another, as yet unidentified, company. However, Lockheed Martin later said that no customer, program or employee personal data was compromised in that attack and it detected the attack 'almost immediately'.

“The adversary was able to get information from RSA and then they were also able to steal information from another supplier of ours, and they were able to put those two pieces of information together and launch an attack on us,” McMahon said.

As the main information technology provider to the US government, Lockheed has long worked to secure data on computer networks run by a range of civilian and military agencies. The company is also trying to expand sales of cyber security technology and services to commercial firms, including its suppliers and foreign governments, according to executives.



SC Virtual Summit to address three mega trends next week

Three of the key topics challenging the information security industry will be addressed in next week's SC Magazine Virtual Summit.

Presented via the SC Insight channel, the third virtual summit will look at cloud, consumerisation and cyber crime across 11 online sessions, presented in SC's virtual world.

The summit will begin on the 22nd November at 9.30am GMT with a panel discussion on 'Where's the Danger', looking at key themes and today's most potent threats. Speakers across the sessions will include security executives from Yell Group, BT, PwC, Oxfam and Education First, while one session will be co-hosted by Dr Larry Ponemon of the Ponemon Institute.

Full details can be found on the website, www.scvirtualsummit.com. The complete line-up can be viewed in the programme.



Indian Firm Unveils $20 Tablet, Could Change the Industry

A heavily subsidized $20 tablet, which even at full price is cheaper than the lowest priced competitors, is being touted as the least expensive tablet in the world. Game changers like UK/Canadian/Indian startup Datawind's Aakash 2 for students and a slightly more expensive commercial tablet are possible in any industry with the proper focus. Today's roundup looks at how disruptive products and services are created and how your business can do the same.

The Next Big Thing

In for a penny, in for a pound. Datawind's already super cheap Aakash 2 was made even more affordable thanks to a deal with the Indian government to help realize the lofty vision of making the technology easily available for 100,000 students and professors in the country. If the initial roll-out works, the government may eventually order as many as 5.86 million of them. That's not counting the huge demand the company is already seeing for its commercial model. Quartz

The secret of success. As we can see in the instance of Datawind, the secret of success has little to do with superior technology, a well-established brand, or even a lavish startup budget. It has more to do with other factors like empathy, clarity, and timing, writes columnist Geoffrey James. Read more to find out why these qualities really make the difference when marketing your product or service. Inc.com

How To Innovate

Identify a need. It is not complicated at all to create a product or service that will prove to be a game changer in the marketplace. To start, simply identify a need and fill it, suggests marketer Susan Oakes. If this sounds obvious, Oakes seems to be implying through her example that the key is to find a need no other business is filling already. Your approach to marketing this solution should be just as simple, she says. M4B Marketing

Take stock of your resources. Training manager Shola Richards predicts a new television series is likely to transform all businesses, if business owners heed its advice. You don't need to be the president of a multimillion dollar corporation to spend some time in the trenches and get a different point of view of your company and how it works. The key to creating a revolutionary business is to take stock of your company's resources and talent to discover how to do things better. Cubepiphany

Focus on your brand. Content marketer Kasey Steinbrinck visits the unlikely world of standup comedy to show how small businesses can build a powerful brand by simply focusing on what sets them apart. Certainly, one element of this is that you innovate in your field, but you must also work to own your niche and stay inventive, whether you are engaging in marketing content or products and services. Copyjuice

Address price sensitivity. We started this post with a look at a tablet so inexpensive it couldn't help being a game changer in its field. But sometimes creating the cheapest product or service is neither possible nor desirable. For this reason, you will want to address any price sensitivity your potential customers may have when deciding whether to do business with you. Here are some simple tips for tackling the price issue and coming out on top. TodayMade

Take smaller meetings. Believe it or not, meetings that go on forever and involve more than two or three people rarely accomplish much, says business leader Michael Dalton Johnson, interviewed in this video clip by Chris Hamilton. Except for brainstorming sessions, keep meetings short and involve as few people as possible to make decisions that will move your company to the next level. Sales Tip a Day