Gen (software)

Gen is a Computer Aided Software Engineering (CASE) application development environment marketed by Broadcom Inc. Gen was previously known as CA Gen, IEF (Information Engineering Facility), Composer by IEF, Composer, COOL:Gen, Advantage:Gen and AllFusion Gen.

The toolset originally supported the information technology engineering methodology developed by Clive Finkelstein, James Martin and others in the early 1980s. Early versions supported IBM's DB2 database, 3270 'block mode' screens and generated COBOL code.

In the intervening years the toolset has been expanded to support additional development techniques such as component-based development, creation of client/server and web applications, and generation of C, Java and C#. In addition, other platforms are now supported, such as many variants of Unix-like operating systems (AIX, HP-UX, Solaris, Linux) as well as Windows. Its range of supported database technologies has widened to include ORACLE, Microsoft SQL Server, ODBC and JDBC as well as the original DB2.

The toolset is fully integrated: objects identified during analysis carry forward into design without redefinition. All information is stored in a repository (central encyclopedia). The encyclopedia allows for large team development by controlling access so that multiple developers may not change the same object simultaneously.

== History ==

=== 1985-1997: Texas Instruments ===

It was initially produced by Texas Instruments, with input from James Martin and his consultancy firm James Martin Associates, and was based on the Information Engineering Methodology (IEM). The first version was launched in 1985.

IEF (Information Engineering Facility) became popular among large government departments and public utilities. It initially supported a CICS/COBOL/DB2 target environment. However, it now supports a wider range of relational databases and operating systems.
IEF was intended to shield the developer from the complexities of building complete multi-tier cross-platform applications.

In 1995, Texas Instruments decided to change their marketing focus for the product. Part of this change included a new name, "Composer".

By 1996, IEF had become a popular tool. However, it was criticized by some IT professionals for being too restrictive, as well as for having a high per-workstation cost ($15K USD). But it is claimed that IEF reduces development time and costs by removing complexity and allowing rapid development of large scale enterprise transaction processing systems.

=== 1997-2000: Sterling Software ===

In 1997, Composer had another change of branding: Texas Instruments sold the Texas Instruments Software division, including the Composer rights, to Sterling Software. Sterling Software changed the well known name "Information Engineering Facility" to "COOL:Gen". COOL was an acronym for "Common Object Oriented Language", despite the fact that there was little object orientation in the product.

=== 2000-2018: Computer Associates ===

In 2000, Sterling Software was acquired by Computer Associates (now CA). CA has rebranded the product three times to date and the product is still used widely today.

Under CA, recent releases of the tool added support for the CA-Datacom DBMS, the Linux operating system, C# code generation and ASP.NET web clients. The current version is known as CA Gen, version 8 being released in May 2010, with support for customised web services, and more of the toolset being based around the Eclipse framework.

=== 2018-current: Broadcom ===

As of 2020, CA Gen is owned and marketed by Broadcom Inc., which rebranded the product to Gen to avoid confusion with the former owner of the product.
There are a variety of "add-on" tools available for Gen, including GuardIEn, a Configuration Management and Developer Productivity Suite; QAT Wizard, an interview-style wizard that takes advantage of the meta model in Gen; products for multi-platform application reporting and XML/SOAP enabling of Gen applications; and developer productivity tools such as Access Gen, APMConnect, QA Console and Upgrade Console from Response Systems.

Version 8.6 of CA Gen came to market in June 2016. Version 8.6.3 of CA Gen was released in 2021. Following this release, Broadcom have switched to a continuous delivery model with new features to be delivered as patches.

Confused deputy problem

In information security, a confused deputy is a computer program that is tricked by another program (with fewer privileges or fewer rights) into misusing its authority on the system. It is a specific type of privilege escalation. The confused deputy problem is often cited as an example of why capability-based security is important.

Capability systems protect against the confused deputy problem, whereas access-control list–based systems do not. Capability systems can mitigate the problem by eliminating ambient authority, allowing programs to act only on resources for which they hold explicit capabilities. However, this protection depends on correct implementation; in formally verified capability systems such as seL4, it can be shown that the kernel enforces capability constraints correctly, preventing such behavior at the system level.

== Example ==

In the original example of a confused deputy, there was a compiler program provided on a commercial timesharing service. Users could run the compiler and optionally specify a filename where it would write debugging output, and the compiler would be able to write to that file if the user had permission to write there.

The compiler also collected statistics about language feature usage. Those statistics were stored in a file called "(SYSX)STAT", in the directory "SYSX". To make this possible, the compiler program was given permission to write to files in SYSX.

But there were other files in SYSX: in particular, the system's billing information was stored in a file "(SYSX)BILL". A user ran the compiler and named "(SYSX)BILL" as the desired debugging output file.

This produced a confused deputy problem. The compiler made a request to the operating system to open (SYSX)BILL. Even though the user did not have access to that file, the compiler did, so the open succeeded.
The compiler wrote the compilation output to the file (here "(SYSX)BILL") as normal, overwriting it, and the billing information was destroyed.

=== The confused deputy ===

In this example, the compiler program is the deputy because it is acting at the request of the user. The program is seen as 'confused' because it was tricked into overwriting the system's billing file.

Whenever a program tries to access a file, the operating system needs to know two things: which file the program is asking for, and whether the program has permission to access the file. In the example, the file is designated by its name, "(SYSX)BILL". The program receives the file name from the user, but does not know whether the user had permission to write the file. When the program opens the file, the system uses the program's permission, not the user's. When the file name was passed from the user to the program, the permission did not go along with it; the permission was increased by the system silently and automatically.

It is not essential to the attack that the billing file be designated by a name represented as a string. The essential points are that the designator for the file does not carry the full authority needed to access the file, and that the program's own permission to access the file is used implicitly.

== Other examples ==

A cross-site request forgery (CSRF) is an example of a confused deputy attack that uses the web browser to perform sensitive actions against a web application. A common form of this attack occurs when a web application uses a cookie to authenticate all requests transmitted by a browser. Using JavaScript, an attacker can force a browser into transmitting authenticated HTTP requests.

The Samy computer worm used cross-site scripting (XSS) to turn the browser's authenticated MySpace session into a confused deputy.
Using XSS, the worm forced the browser into posting an executable copy of the worm as a MySpace message, which was then viewed and executed by friends of the infected user.

Clickjacking is an attack where the user acts as the confused deputy. In this attack a user thinks they are harmlessly browsing a website (an attacker-controlled website) but they are in fact tricked into performing sensitive actions on another website.

An FTP bounce attack can allow an attacker to connect indirectly to TCP ports to which the attacker's machine has no access, using a remote FTP server as the confused deputy.

Another example relates to personal firewall software. It can restrict Internet access for specific applications. Some applications circumvent this by starting a browser with instructions to access a specific URL. The browser has authority to open a network connection, even though the application does not. Firewall software can attempt to address this by prompting the user in cases where one program starts another which then accesses the network. However, the user frequently does not have sufficient information to determine whether such an access is legitimate; false positives are common, and there is a substantial risk that even sophisticated users will become habituated to clicking "OK" to these prompts.

Not every program that misuses authority is a confused deputy. Sometimes misuse of authority is simply a result of a program error. The confused deputy problem occurs when the designation of an object is passed from one program to another, and the associated permission changes unintentionally, without any explicit action by either party. It is insidious because neither party did anything explicit to change the authority.

Another example is when an administrator authorizes an AI agent to act on their behalf, and that AI subsequently delegates authority to another AI agent neither vetted nor authorized by the original administrator.
The unvetted AI can then act without permissions or oversight from the original developer.

== Solutions ==

In some systems it is possible to ask the operating system to open a file using the permissions of another client. This solution has some drawbacks:

* It requires explicit attention to security by the server. A naive or careless server might not take this extra step.
* It becomes more difficult to identify the correct permission if the server is in turn the client of another service and wants to pass along access to the file.
* It requires the client to trust the server to not abuse the borrowed permissions.

Note that intersecting the server's and client's permissions does not solve the problem either, because the server may then have to be given very wide permissions (all of the time, rather than those needed for a given request) in order to act for arbitrary clients.

The simplest way to solve the confused deputy problem is to bundle together the designation of an object and the permission to access that object. This is exactly what a capability is.

Using capability security in the compiler example, the client would pass to the server a capability to the output file, such as a file descriptor, rather than the name of the file. Since the client lacks a capability to the billing file, it cannot designate that file for output.

In the cross-site request forgery example, a URL supplied "cross"-site would include its own authority independent of that of the client of the web browser.
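
The compiler scenario above as a small in-memory model, added here as an illustration and not part of the original article: the same request is made once by file name (ambient authority) and once by passing a handle (capability). The `System`, `Handle` and `Denied` classes, the user `alice` and the directory `ALICE` are hypothetical names constructed for the example.

```python
class Denied(Exception):
    """Raised when the requesting principal lacks write permission."""

class Handle:
    """Capability: designates one file and carries the right to write it."""
    def __init__(self, system, name):
        self._system, self._name = system, name
    def write(self, data):
        self._system.files[self._name] = data

class System:
    """Toy OS (constructed): files plus principal -> writable directories."""
    def __init__(self):
        self.files = {"(SYSX)BILL": "billing records", "(SYSX)STAT": ""}
        self.acl = {"compiler": {"SYSX"}, "alice": {"ALICE"}}

    def open_for_write(self, principal, name):
        # The check uses the authority of whoever issues the open request.
        directory = name[1:name.index(")")]
        if directory not in self.acl.get(principal, set()):
            raise Denied(f"{principal} may not write {name}")
        return Handle(self, name)

def compile_ambient(system, source, debug_name):
    # Confused deputy: a user-supplied name is opened with the compiler's
    # own permission, so the user's rights are never consulted.
    system.open_for_write("compiler", "(SYSX)STAT").write("stats")
    system.open_for_write("compiler", debug_name).write(f"debug: {source}")

def compile_capability(system, source, debug_handle):
    # The compiler's own authority covers only its statistics file; the
    # output target is a handle the caller had to be allowed to obtain.
    system.open_for_write("compiler", "(SYSX)STAT").write("stats")
    debug_handle.write(f"debug: {source}")

def run_scenarios():
    """Return (files after name-based call, files after capability call, denied)."""
    ambient = System()
    compile_ambient(ambient, "prog", "(SYSX)BILL")       # billing overwritten
    capability = System()
    try:
        handle = capability.open_for_write("alice", "(SYSX)BILL")
        compile_capability(capability, "prog", handle)
        denied = False
    except Denied:
        denied = True                                     # no handle, no write
    ok = capability.open_for_write("alice", "(ALICE)DEBUG")
    compile_capability(capability, "prog", ok)            # legitimate request
    return ambient.files, capability.files, denied
```

In the capability variant the denial happens when the user tries to obtain the handle, before the compiler is involved at all, which is why the deputy needs no extra permission check of its own.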

Best AI Headshot Generators in 2026

In search of the best AI headshot generator? An AI headshot generator is software that uses machine learning to help you get more done — it turns a rough idea into a polished result in seconds. When choosing one, weigh output quality, pricing, export formats, and how well it fits the tools you already use. Whether you are a beginner or a pro, the right AI headshot generator slots into your workflow and pays for itself fast. Below we compare features, pricing, and real output so you can choose with confidence.

AI Presentation Makers: Free vs Paid (2026)

Curious about the best AI presentation maker? An AI presentation maker is software that uses machine learning to help you get more done — it combines speed, accuracy, and an interface that just works. Hands-on testing shows real-world results vary, so a short free trial is the smartest way to decide. Whether you are a beginner or a pro, the right AI presentation maker slots into your workflow and pays for itself fast. This guide breaks down the top picks, their pros and cons, and who each one is best for.

AI Copywriting Tools Reviews: What Actually Works in 2026

Shopping for the best AI copywriting tool? An AI copywriting tool is software that uses machine learning to help you get more done — it keeps getting smarter as the underlying models improve. Pricing, accuracy, and the size of the model behind the tool are the three factors that most affect daily usefulness. Whether you are a beginner or a pro, the right AI copywriting tool slots into your workflow and pays for itself fast. Below we compare features, pricing, and real output so you can choose with confidence.

Content Security Policy

Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website; covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.

== Status ==

The standard, originally named Content Restrictions, was proposed by Robert Hansen in 2004, first implemented in Firefox 4 and quickly picked up by other browsers. Version 1 of the standard was published in 2012 as a W3C candidate recommendation and was quickly followed by a further version (Level 2), published in 2014. As of 2023, the draft of Level 3 is being developed, with the new features being quickly adopted by the web browsers.

The following header names are in use as part of experimental CSP implementations:

* Content-Security-Policy – standard header name proposed by the W3C document. Google Chrome supports this as of version 25. Firefox supports this as of version 23, released on 6 August 2013. WebKit supports this as of version 528 (nightly build). Chromium-based Microsoft Edge support is similar to Chrome's.
* X-WebKit-CSP – deprecated, experimental header introduced into Google Chrome, Safari and other WebKit-based web browsers in 2011.
* X-Content-Security-Policy – deprecated, experimental header introduced in Gecko 2 based browsers (Firefox 4 to Firefox 22, Thunderbird 3.3, SeaMonkey 2.1).

A website can declare multiple CSP headers, also mixing enforcement and report-only ones. Each header will be processed separately by the browser.
CSP can also be delivered within the HTML code using a meta tag, although in this case its effectiveness will be limited.

Internet Explorer 10 and Internet Explorer 11 also support CSP, but only the sandbox directive, using the experimental X-Content-Security-Policy header.

A number of web application frameworks support CSP, for example AngularJS (natively) and Django (middleware). Instructions for Ruby on Rails have been posted by GitHub. Web framework support is however only required if the CSP contents somehow depend on the web application's state, such as usage of the nonce origin. Otherwise, the CSP is rather static and can be delivered from web application tiers above the application, for example on a load balancer or web server.

=== Bypasses ===

In December 2015 and December 2016, a few methods of bypassing 'nonce' allowlisting origins were published. In January 2016, another method was published, which leverages server-wide CSP allowlisting to exploit old and vulnerable versions of JavaScript libraries hosted at the same server (a frequent case with CDN servers). In May 2017 one more method was published to bypass CSP using web application frameworks code.

== Mode of operation ==

If the Content-Security-Policy header is present in the server response, a compliant client enforces the declarative allowlist policy. One example goal of a policy is a stricter execution mode for JavaScript in order to prevent certain cross-site scripting attacks. In practice this means that a number of features are disabled by default:

* Inline JavaScript code