Software Integrity

Archive for the 'Security Metrics' Category

Gary McGraw’s Shmoocon Keynote Recaps Security Career With Advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghessan Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over McGraw’s more than 21 years in software security. It also reflects his many interests. Watch the […]

Posted in Security Metrics, Security Training, Software Architecture and Design, Software Development Life Cycle (SDLC), Software Security Program Development

How Effective Are Your Software Security Metrics?

Many firms present metrics in a vastly oversimplified way, calculating too few measurements to share. Many other firms barrage the audience with a variety of highly detailed metrics. This often overwhelms the reader. Both approaches are weak. If you want to share key software security metrics, it’s critical to focus on the impact that the metrics […]

Posted in Application Security, Security Conference or Event, Security Metrics

Building Meaningful Security Metrics

Many people in various security disciplines are looking to metrics as a way to demonstrate the efficacy of their efforts and show continuous process improvement. Unfortunately, poorly constructed metrics usually create more confusion than insight. If I told you that testing discovered nine critical vulnerabilities last month, what knowledge have I imparted? Does it clarify […]

Posted in Security Metrics, Software Security Program Development

Why a Software Security Group Is Needed

As software security evolves it becomes more difficult to manage, making a Software Security Group (SSG) a necessity for your organization. Without a core group of individuals fighting to keep the security of the firm strong, it will be nearly impossible to stay safe in today’s environment. 5 models for enterprise software security management teams […]

Posted in Application Security, Security Metrics