Software Integrity

Archive for the 'Software Development Life Cycle (SDLC)' Category

Moving Beyond “Moving Left”: The Case for Developer Enablement

Originally posted on SecurityWeek. For far too long, software security has consisted of a curious bifurcation of roles: developers develop, and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new […]

Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Program Development, Static Analysis (SAST)

Ticketbleed: The Next Black Swan

Last week a researcher disclosed a software vulnerability in a feature of the TLS/SSL stack that allowed a remote attacker to extract sensitive information. Sound familiar? In 2014, the Heartbleed vulnerability in the OpenSSL implementation of the TLS heartbeat extension affected some 600,000 websites worldwide and risked exposing passwords, private keys, and other secrets. Ticketbleed, […]

Posted in Application Security, Fuzz Testing, News, Software Composition Analysis, Software Development Life Cycle (SDLC), Software Security Testing

Gary McGraw’s Shmoocon Keynote Recaps Security Career With Advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghessan Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over McGraw’s more than 21 years in software security. It also reflects his many interests. Watch the […]

Posted in Security Metrics, Security Training, Software Architecture and Design, Software Development Life Cycle (SDLC), Software Security Program Development

Are You Following the Top 10 Software Security Best Practices?

Although many firms rely on this common misconception, it is never a good security strategy to simply buy the latest security tool and call it a day. Your organization may need to invest in focused employee education and tool deployment before seeing a return on investment. Software security isn’t simply plug and play. […]

Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Testing

How Much Do Bugs Cost to Fix During Each Phase of the SDLC?

A well-defined software development life cycle (SDLC) is essential to develop more reliable, bug-free software. At Synopsys, we often make the claim that it’s important to fix bugs early in the SDLC to save time and money. But how much of a cost difference does it really make to fix bugs during various SDLC phases? […]

Posted in Software Development Life Cycle (SDLC), Vulnerability Assessment

Do You Believe the 7 Myths of Software Security Best Practices?

There’s no silver bullet for securing software. The reality is that security involves a multi-dimensional approach over an organization’s entire application portfolio. To bring truth to some of the most widespread security misconceptions, we’ve developed the seven myths of software security best practices. These myths explore how software security initiatives should work, and aren’t simply about how to […]

Posted in Maturity Model (BSIMM), Security Risk Assessment, Software Development Life Cycle (SDLC), Software Security Program Development

SSDLC 101: What Is the Secure Software Development Life Cycle?

Most organizations have a well-oiled machine whose sole purpose is to create, release, and maintain functional software. However, the increasing concerns and business risks associated with insecure software have brought increased attention to the need to integrate security into the development process. Implementing a proper Secure Software Development Life Cycle (SSDLC) is important now more […]

Posted in Maturity Model (BSIMM), Software Development Life Cycle (SDLC), Vulnerability Assessment

How Proactive Is Your Software Security Initiative?

The bad news is that software gets hacked. The defects or vulnerabilities that attackers take advantage of to hack software can be introduced by an organization internally, or by its vendors or partners. The good news is that the remediation methods for resolving these defects and vulnerabilities are well known. Organizations with a mature software security […]

Posted in Maturity Model (BSIMM), Penetration Testing, Software Development Life Cycle (SDLC), Software Security Program Development

SecureAssist Helps Developers Build Security Into Any Software Development Life Cycle

The Issue

The primary goal of a software developer is to get through the edit, compile, debug workflow as efficiently as possible, ensuring that software is working correctly and is delivered on time. As a result, security isn’t a developer’s top priority. While businesses don’t want to release defective or insecure software, many don’t have […]

Posted in Software Development Life Cycle (SDLC), Software Security Testing, Static Analysis (SAST)