Software quality and security assurance both concern risk to the organization, but they do so for different reasons. Risk might be mission critical such as software on a scientific robot crawling another planet. Or risk might be associated with sensitive financial information. In the first example the integrity of the software is paramount; it is […]
Planning an IT initiative can present many challenges, one of which is the choice of software in the organization’s base computer images. When starting out small, it may make sense to buy machines off the shelf if expansion is not anticipated in the near future. However, choosing to do so often includes unwanted programs that add […]
As the prevalence of software continues to trend upwards with time, a common assumption is that it is becoming more feature-rich and reliable. However, most in the software industry wouldn’t hesitate to point out how difficult it actually is to achieve fully-working software. In fact, when calculating software risk, a key assumption is that it […]
Originally posted on SecurityWeek. Less than ten minutes driving west from my home, you encounter a vast expanse of large, windowless buildings. Situated near them are impressive physical plants dedicated to cooling these buildings and providing back-up power in the case of a power failure. Whenever I drive past these complexes I always point them […]
The power of threat modeling is that it makes you think about your system’s specific characteristics. It allows you to gain visibility into weaknesses that pose significant impact to your entire organization. This checklist explores four key ways to use threat modeling to avoid sinkholes in your risk management process. Identify threats that exist […]
There’s no silver bullet for securing software. The reality is that security involves a multi-dimensional approach over an organization’s entire application portfolio. To bring truth to some of the most widespread security misconceptions, we’ve developed the seven myths of software security best practices. These myths explore how software security initiatives should work, and aren’t simply about how to […]
Let’s imagine you discover a string of suspicious code within one of your applications. Perhaps a routine scan by your application testing team finds a point of interest that indicates malcode, such as a time bomb or backdoor, has been inserted by a malicious insider within your software supply chain. First, you breathe a huge […]