ArchiMate ( AR-ki-mayt) is an open and independent enterprise architecture modeling language to support the description, analysis and visualization of architecture within and across business domains in an unambiguous way. ArchiMate is a technical standard from The Open Group and is based on concepts from the now superseded IEEE 1471 standard. It is supported by various tool vendors and consulting firms. ArchiMate is also a registered trademark of The Open Group. The Open Group has a certification program for ArchiMate users, software tools and courses. ArchiMate distinguishes itself from other languages such as Unified Modeling Language (UML) and Business Process Modeling and Notation (BPMN) by its enterprise modelling scope. Also, UML and BPMN are meant for a specific use and they are quite heavy – containing about 150 (UML) and 250 (BPMN) modeling concepts whereas ArchiMate works with just about 50 (in version 2.0). The goal of ArchiMate is to be ”as small as possible”, not to cover every edge scenario imaginable. To be easy to learn and apply, ArchiMate was intentionally restricted “to the concepts that suffice for modeling the proverbial 80% of practical cases". == Overview == ArchiMate offers a common language for describing the construction and operation of business processes, organizational structures, information flows, IT systems, and technical infrastructure. This insight helps the different stakeholders to design, assess, and communicate the consequences of decisions and changes within and between these business domains. The main concepts and relationships of the ArchiMate language can be seen as a framework, the so-called Archimate Framework: It divides the enterprise architecture into a business, application and technology layer. In each layer, three aspects are considered: active elements, an internal structure and elements that define use or communicate information. One of the objectives of the ArchiMate language is to define the relationships between concepts in different architecture domains. The concepts of this language therefore hold the middle between the detailed concepts, which are used for modeling individual domains (for example, the Unified Modeling Language (UML) for modeling software products), and Business Process Model and Notation (BPMN), which is used for business process modeling. == History == ArchiMate is partly based on the now superseded IEEE 1471 standard. It was developed in the Netherlands by a project team from the Telematica Instituut in cooperation with several Dutch partners from government, industry and academia. Among the partners were Ordina NV, Radboud Universiteit Nijmegen, the Leiden Institute for Advanced Computer Science (LIACS) and the Centrum Wiskunde & Informatica (CWI). Later, tests were performed in organizations such as ABN AMRO, the Dutch Tax and Customs Administration and the ABP. The development process lasted from July 2002 to December 2004, and took about 35 person years and approximately 4 million euros. The development was funded by the Dutch government (Dutch Tax and Customs Administration), and business partners, including ABN AMRO and the ABP Pension Fund. In 2008 the ownership and stewardship of ArchiMate was transferred to The Open Group. It is now managed by the ArchiMate Forum within The Open Group. In February 2009 The Open Group published the ArchiMate 1.0 standard as a formal technical standard. In January 2012 the ArchiMate 2.0 standard, and in 2013 the ArchiMate 2.1 standard was released. In June 2016, the Open Group released version 3.0 of the ArchiMate Specification. An update to Archimate 3.0.1 came out in August 2017. Archimate 3.1 was published 5 November 2019. The latest version of the ArchiMate Specification is version 3.2 released October 2022. Version 3.0 adds enhanced support for capability-oriented strategic modelling, new entities representing physical resources (for modelling the ingredients, equipment and transport resources used in the physical world) and a generic metamodel showing the entity types and the relationships between them. == ArchiMate framework == === Core framework === The main concepts and elements of the ArchiMate language are being presented as ArchiMate core framework. It consists of three layers and three aspects. This creates a matrix of combinations. Every layer has its passive structure, behavior and active structure aspects. ==== Layers ==== ArchiMate has a layered and service-oriented look on architectural models. The higher layers make use of services that are provided by the lower layers. Although, at an abstract level, the concepts that are used within each layer are similar, we define more concrete concepts that are specific for a certain layer. In this context, we distinguish three main layers: The business layer is about business processes, services, functions and events of business units. This layer "offers products and services to external customers, which are realized in the organization by business processes performed by business actors and roles". The application layer is about software applications that "support the components in the business with application services". The technology layer deals "with the hardware and communication infrastructure to support the application layer. This layer offers infrastructural services needed to run applications, realized by computer and communication hardware and system software". Each of these main layers can be further divided in sub-layers. For example, in the business layer, the primary business processes realising the products of a company may make use of a layer of secondary (supporting) business processes; in the application layer, the end-user applications may make use of generic services offered by supporting applications. On top of the business layer, a separate environment layer may be added, modelling the external customers that make use of the services of the organisation (although these may also be considered part of the business layer). In line with service orientation, the most important relation between layers is formed by use relations, which show how the higher layers make use of the services of lower layers. However, a second type of link is formed by realisation relations: elements in lower layers may realise comparable elements in higher layers; e.g., a ‘data object’ (application layer) may realise a ‘business object’ (business layer); or an ‘artifact’ (technology layer) may realise either a ‘data object’ or an ‘application component’ (application layer). ==== Aspects ==== Passive structure is the set of entities on which actions are conducted. In the business layer the example would be information objects, in the application layer data objects and in the technology layer, they could include physical objects. Behavior refers to the processes and functions performed by the actors. "Structural elements are assigned to behavioral elements, to show who or what displays the behavior". Active structure is the set of entities that display some behavior, e.g. business actors, devices, or application components. === Full framework === The Full ArchiMate framework is enriched by the physical layer, which was added to allow modeling of “physical equipment, materials, and distribution networks” and was not present in the previous version. The implementation and migration layer adds elements that allow architects to model a state of transition, to mark parts of the architecture that are temporary for the purpose, as the name says, of implementation and migration. Strategy layer adds three elements: resource, capability and course of action. These elements help to incorporate strategic dimension to the ArchiMate language by allowing it to depict the usage of resources and capabilities in order to achieve some strategic goals. Finally, there is a motivation aspect that allows different stakeholders to describe the motivation of specific actors or domains, which can be quite important when looking at one thing from several different angles. It adds several elements like stakeholder, value, driver, goal, meaning etc. == ArchiMate language == The ArchiMate language is formed as a top-level and is hierarchical. On the top, there is a model. A model is a collection of concepts. A concept can be either an element or a relationship. An element can be either of behavior type, structure, motivation or a so-called composite element (which means that it does not fit just one aspect of the framework, but two or more). The functionality of all concepts without a dependency on a specific layer is described by the generic metamodel. This layer-independent description of concepts is useful when trying to understand the mechanics of the Archimate language. === Concepts === ==== Elements ==== The generic elements are distributed into the same categories as the layers: Active structure elements Behavior elements Passive structure elements Motivation elements Active structure e
Motor theory of speech perception
The motor theory of speech perception is the hypothesis that people perceive spoken words by identifying the vocal tract gestures with which they are pronounced rather than by identifying the sound patterns that speech generates. It originally claimed that speech perception is done through a specialized module that is innate and human-specific. Though the idea of a module has been qualified in more recent versions of the theory, the idea remains that the role of the speech motor system is not only to produce speech articulations but also to detect them. The hypothesis has gained more interest outside the field of speech perception than inside. This has increased particularly since the discovery of mirror neurons that link the production and perception of motor movements, including those made by the vocal tract. The theory was initially proposed in the Haskins Laboratories in the 1950s by Alvin Liberman and Franklin S. Cooper, and developed further by Donald Shankweiler, Michael Studdert-Kennedy, Ignatius Mattingly, Carol Fowler and Douglas Whalen. == Origins and development == The hypothesis has its origins in research using pattern playback to create reading machines for the blind that would substitute sounds for orthographic letters. This led to a close examination of how spoken sounds correspond to the acoustic spectrogram of them as a sequence of auditory sounds. This found that successive consonants and vowels overlap in time with one another (a phenomenon known as coarticulation). This suggested that speech is not heard like an acoustic "alphabet" or "cipher," but as a "code" of overlapping speech gestures. === Associationist approach === Initially, the theory was associationist: infants mimic the speech they hear and that this leads to behavioristic associations between articulation and its sensory consequences. Later, this overt mimicry would be short-circuited and become speech perception. This aspect of the theory was dropped, however, with the discovery that prelinguistic infants could already detect most of the phonetic contrasts used to separate different speech sounds. === Cognitivist approach === The behavioristic approach was replaced by a cognitivist one in which there was a speech module. The module detected speech in terms of hidden distal objects rather than at the proximal or immediate level of their input. The evidence for this was the research finding that speech processing was special such as duplex perception. === Changing distal objects === Initially, speech perception was assumed to link to speech objects that were both the invariant movements of speech articulators the invariant motor commands sent to muscles to move the vocal tract articulators This was later revised to include the phonetic gestures rather than motor commands, and then the gestures intended by the speaker at a prevocal, linguistic level, rather than actual movements. === Modern revision === The "speech is special" claim has been dropped, as it was found that speech perception could occur for nonspeech sounds (for example, slamming doors for duplex perception). === Mirror neurons === The discovery of mirror neurons has led to renewed interest in the motor theory of speech perception, and the theory still has its advocates, although there are also critics. == Support == === Nonauditory gesture information === If speech is identified in terms of how it is physically made, then nonauditory information should be incorporated into speech percepts even if it is still subjectively heard as "sounds". This is, in fact, the case. The McGurk effect shows that seeing the production of a spoken syllable that differs from an auditory cue synchronized with it affects the perception of the auditory one. In other words, if someone hears "ba" but sees a video of someone pronouncing "ga", what they hear is different—some people believe they hear "da". People find it easier to hear speech in noise if they can see the speaker. People can hear syllables better when their production can be felt haptically. === Categorical perception === Using a speech synthesizer, speech sounds can be varied in place of articulation along a continuum from /bɑ/ to /dɑ/ to /ɡɑ/, or in voice onset time on a continuum from /dɑ/ to /tɑ/ (for example). When listeners are asked to discriminate between two different sounds, they perceive sounds as belonging to discrete categories, even though the sounds vary continuously. In other words, 10 sounds (with the sound on one extreme being /dɑ/ and the sound on the other extreme being /tɑ/, and the ones in the middle varying on a scale) may all be acoustically different from one another, but the listener will hear all of them as either /dɑ/ or /tɑ/. Likewise, the English consonant /d/ may vary in its acoustic details across different phonetic contexts (the /d/ in /du/ does not technically sound the same as the one in /di/, for example), but all /d/'s as perceived by a listener fall within one category (voiced alveolar plosive) and that is because "linguistic representations are abstract, canonical, phonetic segments or the gestures that underlie these segments." This suggests that humans identify speech using categorical perception, and thus that a specialized module, such as that proposed by the motor theory of speech perception, may be on the right track. === Speech imitation === If people can hear the gestures in speech, then the imitation of speech should be very fast, as in when words are repeated that are heard in headphones as in speech shadowing. People can repeat heard syllables more quickly than they would be able to produce them normally. === Speech production === Hearing speech activates vocal tract muscles, and the motor cortex and premotor cortex. The integration of auditory and visual input in speech perception also involves such areas. Disrupting the premotor cortex disrupts the perception of speech units such as plosives. The activation of the motor areas occurs in terms of the phonemic features which link with the vocal track articulators that create speech gestures. The perception of a speech sound is aided by pre-emptively stimulating the motor representation of the articulators responsible for its pronunciation . Auditory and motor cortical coupling is restricted to a specific range of neuronal firing frequency. === Perception-action meshing === Evidence exists that perception and production are generally coupled in the motor system. This is supported by the existence of mirror neurons that are activated both by seeing (or hearing) an action and when that action is carried out. Another source of evidence is that for common coding theory between the representations used for perception and action. == Criticisms == The motor theory of speech perception is not widely held in the field of speech perception, though it is more popular in other fields, such as theoretical linguistics. As three of its advocates have noted, "it has few proponents within the field of speech perception, and many authors cite it primarily to offer critical commentary".p. 361 Several critiques of it exist. === Multiple sources === Speech perception is affected by nonproduction sources of information, such as context. Individual words are hard to understand in isolation but easy when heard in sentence context. It therefore seems that speech perception uses multiple sources that are integrated together in an optimal way. === Production === The motor theory of speech perception would predict that speech motor abilities in infants predict their speech perception abilities, but in actuality it is the other way around. It would also predict that defects in speech production would impair speech perception, but they do not. However, this only affects the first and already superseded behaviorist version of the theory, where infants were supposed to learn all production-perception patterns by imitation early in childhood. This is no longer the mainstream view of motor-speech theorists. === Speech module === Several sources of evidence for a specialized speech module have failed to be supported. Duplex perception can be observed with door slams. The McGurk effect can also be achieved with nonlinguistic stimuli, such as showing someone a video of a basketball bouncing but playing the sound of a ping-pong ball bouncing. As for categorical perception, listeners can be sensitive to acoustic differences within single phonetic categories. As a result, this part of the theory has been dropped by some researchers. === Sublexical tasks === The evidence provided for the motor theory of speech perception is limited to tasks such as syllable discrimination that use speech units not full spoken words or spoken sentences. As a result, "speech perception is sometimes interpreted as referring to the perception of speech at the sublexical level. However, the ultimate goal of these studies is presumably to understand the neural processes supporting the ability to process spee
Sprayprinter
SprayPrinter is a device that attaches to aerosol paint cans whereby users can print images via Bluetooth from a smartphone onto a wall or almost any surface. == History == The technology behind SprayPrinter was developed by Mihkel Joala. He explained in a 2016 interview with New Atlas that his idea was inspired by the modern car engine and the Nintendo Wii console. "Engines nowadays use extremely fast valves to spray fuel to [the] combustion chamber," says Joala. "I realized I can use them to shoot paint with pinpoint accuracy." As of December 2021, the company appears to be no longer selling products. == Awards and Recognitions == In 2015, SprayPrinter received €8,000 from the Estonian prototyping contest Prototron for its initial prototype. In 2016, the SprayPrinter team won the grand prize of €30,000 from the televised pitching competition Ajujaht.
List of security assessment tools
This is a list of available software and hardware tools that are designed for or are particularly suited to various kinds of security assessment and security testing. == Operating systems and tool suites == Several operating systems and tool suites provide bundles of tools useful for various types of security assessment. === Operating system distributions === Kali Linux (formerly BackTrack), a penetration-test-focused Linux distribution based on Debian Pentoo, a penetration-test-focused Linux distribution based on Gentoo ParrotOS, a Linux distro focused on penetration testing, forensics, and online anonymity. == Tools ==
Catalog server
A catalog server provides a single point of access that allows users to centrally search for information across a distributed network. In other words, it indexes databases, files and information across large network and allows keywords, Boolean and other searches. If you need to provide a comprehensive searching service for your intranet, extranet or even the Internet, a catalog server is a standard solution.
Webull
Webull Corporation, often stylized as simply Webull, is a U.S.-based financial services holding company headquartered in St. Petersburg, Florida. It owns and operates the Webull electronic trading platform for self-directed retail investors. Depending on jurisdiction, the Webull platform offers trading in stocks, exchange-traded funds (ETFs), options, margin, bonds, cryptocurrency and futures, as well as market-data tools. Webull began operations in 2016 under Hunan Fumi Information Technology, a China-based financial technology company founded by Wang Anquan. It launched U.S. brokerage services through Webull Financial LLC in 2018 and expanded during the retail-trading boom of 2020 and 2021. In April 2025, Webull became a publicly traded company on the Nasdaq through a merger with special-purpose acquisition company SK Growth Opportunities Corporation. The company's U.S. brokerage revenue relies substantially on payment for order flow, with options trading accounting for the larger share of its order-flow rebates in 2025. Webull has faced regulatory actions related to options customer approvals, complaint handling, suspicious activity reporting, social-media marketing and customer disclosures. It has also faced scrutiny from U.S. lawmakers and state officials over its historical and operational ties to China and the handling of U.S. customer data. == History == === Founding === Webull was founded in 2016 under Hunan Fumi Information Technology, a China-based financial technology company, by Wang Anquan, a former employee of Alibaba Group and Xiaomi. Hunan Fumi Information Technology received backing from Xiaomi, Shunwei Capital, and other investors in China. Fumi Technology was a Hunan-based fintech start-up incubated by Xiaomi and raised about CNY200 million (approximately US$30 million) in a Series B financing round in 2018. On May 24, 2017, Webull Financial LLC was established as a Delaware limited liability company. It began offering brokerage services in the United States in May 2018. Wang hired Anthony Denier as CEO of the U.S. brokerage that year and the two mapped out their strategy on napkins at a Mexican restaurant in New York City. Webull Corporation was incorporated in the Cayman Islands in September 2019 as the group's holding company. === Retail trading boom === In May 2020, the company received SEC approval to launch a robo-advisor on its platform. By August 2020, the platform had over 11 million registered users, and in October 2020, it had 750,000 daily active users. Webull introduced options trading in 2020 and later added cryptocurrency trading through a separate digital-asset business. In November 2020, Webull began supporting cryptocurrency transactions. In December 2020, Webull launched trading services in Hong Kong. During the GameStop short squeeze in January 2021, Webull gained attention as some retail traders looked for alternatives to Robinhood. On January 27, 2021, Webull recorded its highest-ever number of active daily users, at 952,000, and the Webull app was downloaded across the Apple App and Google Play stores an estimated 100,000 times. That week, approximately 1.2 million people downloaded the Webull mobile app, which the company reported as a 1,548% week-over-week increase. On January 28, 2021, Webull was directed by its clearing house to temporarily halt buy orders for stocks affected by the GameStop short squeeze. In June 2021, Webull was reported to be considering a U.S. initial public offering that could raise up to $400 million. === Restructuring and expansion === Webull restructured its China-related corporate arrangements in 2022 and later stated that Hunan Fumi was no longer affiliated with the group. In 2022 and 2023, Webull expanded in several non-U.S. markets, including Singapore, Australia, South Africa, Japan, the United Kingdom and Indonesia. In June 2023, Webull moved cryptocurrency trading to a separate app called Webull Pay. By the end of 2023, Webull had 4.3 million funded accounts and US$8.2 billion in customer assets. In January 2024, Anthony Denier was promoted to group president of Webull Corporation. In November 2024, Webull launched overnight, or extended-hours, trading, expanding the trading window of U.S. stocks for users inside and outside the United States. === SPAC merger and Nasdaq listing === On February 28, 2024, Webull agreed to go public through a business combination with SK Growth Opportunities Corporation (NASDAQ: SKGR), a special-purpose acquisition company, in a deal that valued the company at approximately US$7.3 billion. The proposed valuation drew scrutiny because of Webull's limited financial disclosure at announcement, reliance on payment for order flow and small expected public float. SK Growth shareholders approved the business combination on March 30, 2025, and the transaction closed on April 10, 2025. Webull's Class A ordinary shares and warrants began trading on the Nasdaq on April 11, 2025 under the ticker symbols BULL and BULLW (incentive warrants traded under BULLZ until their redemption in June 2025). The merger brought Webull to the public market but generated little cash for the company: after shareholder redemptions, Webull disclosed net proceeds of US$430,066 from the transaction. After the listing, Webull's shares experienced extreme volatility, rising as much as 500% to US$79.56 on April 14, 2025, after closing at US$13.25 on the prior trading day. The initial post-listing surge increased the value of Webull holdings owned by earlier investors, including RIT Capital Partners, which had first invested in Webull in 2021. In April 2026, after Webull's shares had fallen about 70% over the previous year, the company authorized a US$100 million share repurchase program. == Business model and financials == Webull provides a self-directed electronic trading platform available through mobile, desktop and web applications. Depending on jurisdiction, the platform offers trading in stocks, exchange-traded funds, options, margin, futures, fixed income products, cryptocurrency, cash management features and market data tools. In the United States, Webull Financial LLC is a registered broker-dealer and member of FINRA and the Securities Investor Protection Corporation, while Webull operates in other markets through locally licensed brokerage subsidiaries. Webull operates a commission-free or low-cost brokerage model for self-directed retail investors. In the United States, a substantial part of its trading-related revenue comes from payment for order flow, while in some non-U.S. markets the company more commonly charges commissions directly to customers. The platform is aimed at more active retail investors, including users seeking options tools, extended-hours trading and real-time market data. For 2025, Webull reported total revenue of US$571.0 million, up from US$390.2 million in 2024. Equity and option order-flow rebates accounted for US$304.1 million, or 53.3% of revenue, making order-flow rebates the company's largest reported revenue category. Interest-related income accounted for US$154.3 million, handling charge income for US$87.3 million and other revenue for US$25.3 million. Options were the larger component of the company's order-flow rebates in 2025, generating US$210.0 million compared with US$94.2 million from equities. Webull also generates revenue from interest-related activities, including margin financing, customer bank deposits, stock lending and corporate bank deposits. The company has stated that its interest-related income is affected by interest rates, customer cash balances, margin balances and demand for stock lending. The company had approximately 20 million registered users worldwide as of February 2024. As of December 31, 2025, it reported 26.8 million registered users, 5.0 million funded accounts and US$24.6 billion in customer assets. As of March 2025, Webull operated in Hong Kong, Singapore, Australia, South Africa, Japan, the United Kingdom, the United States, Indonesia, Canada, Brazil, Thailand, Malaysia and Mexico. == Marketing and sponsorships == Webull has used paid digital advertising, referral incentives, free-stock promotions, affiliate marketing and sports sponsorships to acquire customers and promote its brand. In its 2025 annual filing, the company reported marketing and branding expenses of US$152.3 million in 2023, US$138.7 million in 2024 and US$135.9 million in 2025. Webull said most of its advertising and promotion costs were related to paid search and paid social advertising, and that it had reduced free-stock promotions while shifting toward deposit- and asset-transfer-based incentives. In September 2021, BSE Global, the parent company of the Brooklyn Nets and New York Liberty, entered into a global multi-year agreement with Webull. Under the agreement, Webull became an official sponsor and online brokerage partner of the teams, with branding that included a jersey patch on Brooklyn Nets uniforms. Spo
Open-source software security
Open-source software security is the measure of assurance or guarantee in the freedom from danger and risk inherent to an open-source software system. == Implementation debate == === Benefits === Proprietary software forces the user to accept the level of security that the software vendor is willing to deliver and to accept the rate that patches and updates are released. It is assumed that any compiler that is used creates code that can be trusted, but it has been demonstrated by Ken Thompson that a compiler can be subverted using a compiler backdoor to create faulty executables that are unwittingly produced by a well-intentioned developer. With access to the source code for the compiler, the developer has at least the ability to discover if there is any mal-intention. Kerckhoffs' principle is based on the idea that an enemy can steal a secure military system and not be able to compromise the information. His ideas were the basis for many modern security practices, and followed that security through obscurity is a bad practice. === Drawbacks === Simply making source code available does not guarantee review. An example of this occurring is when Marcus Ranum, an expert on security system design and implementation, released his first public firewall toolkit. At one time, there were over 2,000 sites using his toolkit, but only 10 people gave him any feedback or patches. Having a large amount of eyes reviewing code can "lull a user into a false sense of security". Having many users look at source code does not guarantee that security flaws will be found and fixed. == Metrics and models == There are a variety of models and metrics to measure the security of a system. These are a few methods that can be used to measure the security of software systems. === Number of days between vulnerabilities === It is argued that a system is most vulnerable after a potential vulnerability is discovered, but before a patch is created. By measuring the number of days between the vulnerability and when the vulnerability is fixed, a basis can be determined on the security of the system. There are a few caveats to such an approach: not every vulnerability is equally bad, and fixing a lot of bugs quickly might not be better than only finding a few and taking a little bit longer to fix them, taking into account the operating system, or the effectiveness of the fix. === Poisson process === The Poisson process can be used to measure the rates at which different people find security flaws between open and closed source software. The process can be broken down by the number of volunteers Nv and paid reviewers Np. The rates at which volunteers find a flaw is measured by λv and the rate that paid reviewers find a flaw is measured by λp. The expected time that a volunteer group is expected to find a flaw is 1/(Nv λv) and the expected time that a paid group is expected to find a flaw is 1/(Np λp). === Morningstar model === By comparing a large variety of open source and closed source projects a star system could be used to analyze the security of the project similar to how Morningstar, Inc. rates mutual funds. With a large enough data set, statistics could be used to measure the overall effectiveness of one group over the other. An example of such as system is as follows: 1 Star: Many security vulnerabilities. 2 Stars: Reliability issues. 3 Stars: Follows best security practices. 4 Stars: Documented secure development process. 5 Stars: Passed independent security review. === Coverity scan === Coverity in collaboration with Stanford University has established a new baseline for open-source quality and security. The development is being completed through a contract with the Department of Homeland Security. They are utilizing innovations in automated defect detection to identify critical types of bugs found in software. The level of quality and security is measured in rungs. Rungs do not have a definitive meaning, and can change as Coverity releases new tools. Rungs are based on the progress of fixing issues found by the Coverity Analysis results and the degree of collaboration with Coverity. They start with Rung 0 and currently go up to Rung 2. Rung 0 The project has been analyzed by Coverity's Scan infrastructure, but no representatives from the open-source software have come forward for the results. Rung 1 At rung 1, there is collaboration between Coverity and the development team. The software is analyzed with a subset of the scanning features to prevent the development team from being overwhelmed. Rung 2 There are 11 projects that have been analyzed and upgraded to the status of Rung 2 by reaching zero defects in the first year of the scan. These projects include: AMANDA, ntp, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and Tcl.