Is the NIST Risk Management Framework poised to become a national cybersecurity standard?

A lot of organizations, including small businesses and critical infrastructure operators, might soon get new technical security requirements from the federal government. This will probably be very costly, especially for small businesses that don’t already implement the kinds of security measures that are standard for large federal contractors. I’ll give a brief overview of two […]

Galois’ Open-Source Projects on GitHub

Galois is pleased to announce the movement of our open source projects to GitHub! As part of our commitment to giving back to the open source community, we have decided that we can best publish our work using GitHub’s public website. This move should provide the open source community more direct access to our repositories, […]

FiveUI: Extensible UI Analysis in your browser

Galois is excited to announce the Open-Source release of FiveUI! FiveUI is a framework and tool for checking web-based user interfaces against codified UI guidelines. It is the first step towards an extensible, semantically aware, reusable and pragmatic toolchain for checking aspects of user interfaces against arbitrary guidelines. FiveUI currently works as a browser extension […]

HTML5 is Paving the Way for Semantically Aware Tools

Rich semantics are the Holy Grail for automated analysis tools; combined with extensible, familiar, and reusable tools and techniques we can seriously cut the costs associated with robust user interface development and testing.

Previously, we discussed the set of tools available for validating and linting HTML5-based user interfaces (e.g., the W3C, numerous HTML/CSS editors, and tools like HTML Lint). These tools help to identify syntactic issues, but what else is possible? The syntactic (and limited semantic) checks that these tools perform are necessary, but they aren’t sufficient to cover the body of intricate failures that can occur while creating the rich user experiences we’ve come to expect from interactive web applications and mobile devices. Linters and validators can’t, for example, find bugs relating to the visual layout, and with good reason: checking a UI is hard; it’s repetitive, monotonous, and more importantly, subjective work.

However, there is still room for improvement. Surely we can push the envelope to do more. What’s next, and how can we automate tasks that still challenge human analysts?

The first important insight is that many general guidelines for creating a good user interface have quantitative approximations. For example, the Windows 7 guidelines state:

Use title-style capitalization for titles, and sentence-style capitalization for all other UI elements.

and:

Write the label as a phrase or an imperative sentence, and use no ending punctuation.

In the words of Richard Anderson: We have the technology! Which brings us to the first of a few key areas or techniques that could improve the tools that help ensure UI Consistency.

Rapid, Consistent Web Development is Coming with HTML5

HTML5 is coming, and it’s not just the next version of HTML.

HTML began as a lightweight mark-up language for linking documents on the web, with some rendering hints. As new versions have come along, support has been added for new kinds of content (images, video, interactive content). More recently, interest has grown in understanding documents and web applications on a deeper level. The most prominent example of this is the semantic web, which seeks to move from a “web of documents” to a “web of information”.

All previous versions of HTML make this an extremely challenging task, akin to trying to understand a philosophical text presented in terms of its typography.

HTML5 will change that. The designers of HTML5 have taken great care to separate semantic content (the information a document is intended to convey or represent) from the process of rendering (how a document should appear in a browser). Through this “separation of concerns”, HTML5 is equipped to revolutionize how we think of the web, how we work with it, and how we create new content. Our interest is in the potential for HTML5 to change how we specify, design, build, and analyze user interfaces – wherever they may appear: on the web, mobile devices, or desktop.

With consistent user experience as our guiding motivation, we survey the state of the art and practice of tool support for semantic reasoning about HTML5.

Galois Selected to Develop UI Consistency Analysis Tools

Creating consistent User Interfaces (UIs) is a time-consuming and error-prone process, but consistency and conformance with guidelines are becoming increasingly important for software developers. For example, Apple has raised the bar for UI Consistency by requiring that iOS applications conform with their Human Interface Guidelines (HIG). Non-conforming applications can be removed from the […]

A Disciplined Approach to Talking About Security

Recently, a thread about a security problem in a piece of open source software got a lot of attention. There was a vulnerability report, a defensive developer, persistent security folks, and of course sideline comments taking one side or the other. This discussion perfectly illustrates why it can be hard to have a civil discussion […]

Cloud Security Risk Agreements for Small Businesses

Isaac Potoczny-Jones <ijones@galois.com> PDF version. ABSTRACT Cloud computing can be particularly beneficial to small businesses since it can decrease the total cost of ownership for IT systems. Unfortunately, one of the major barriers to adoption of cloud services is the perception that they are inherently less secure, exposing the organization to unacceptable risk. There are […]

Galois is Hiring!

Do you want to lead the development of the next generation of embedded systems that transform how we interact with the physical world? Do you want to make secure cloud computing a reality? Can you help us develop and exploit secure, ubiquitous networked devices? Galois has a position open for a senior computer scientist in […]

SIGPLAN Programming Languages Software Award

We are pleased to be able to relay the following announcement from ACM SIGPLAN: The SIGPLAN Programming Languages Software Award is awarded to an institution or individual(s) to recognize the development of a software system that has had a significant impact on programming language research, implementations, and tools. The impact may be reflected in the wide-spread […]
