Evaluating the progress of your software security journey is essential, but it can be a considerable challenge. Tracking operational metrics doesn’t tell you whether you are doing the right things. Analyst reports are often too general to provide tactical direction. And companies hold their security plans so close to the vest, it makes competitive research […]
The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]
Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling | Comments Off on 3 Presentations You Don’t Want to Miss at AppSec California 2017
There’s no silver bullet for securing software. The reality is that security involves a multi-dimensional approach over an organization’s entire application portfolio. To bring truth to some of the most widespread security misconceptions, we’ve developed the seven myths of software security best practices. These myths explore how software security initiatives should work, and aren’t simply about how to […]
Posted in Maturity Model (BSIMM), Security Risk Assessment, Software Development Life Cycle (SDLC), Software Security Program Development | Comments Off on Do You Believe the 7 Myths of Software Security Best Practices?
Most organizations have a well-oiled machine with the sole purpose to create, release, and maintain functional software. However, the increasing concerns and business risks associated with insecure software have brought increased attention to the need to integrate security into the development process. Implementing a proper Secure Software Development Life Cycle (SDLC) is important now more […]
In reading publications recently released by FS-ISAC and SAFECode on vendor management and third-party risk, I am pleased that the industry is finally coming together. We seem to finally agree on the obvious need to assess the processes under which software is made and not a particular end result. If “penetrate and patch” had any […]
The bad news is that software gets hacked. The defects or vulnerabilities that attackers take advantage of to hack software can be made by an organization internally, or by their vendors or partners. The good news is that remediation methods to resolve these defects and vulnerabilities are well known. Organizations with a mature software security […]
Posted in Maturity Model (BSIMM), Penetration Testing, Software Development Life Cycle (SDLC), Software Security Program Development | Comments Off on How Proactive Is Your Software Security Initiative?