Software Integrity

Archive for the 'Software Security Program Development' Category

 

Moving Beyond “Moving Left”: The Case for Developer Enablement

Originally posted on SecurityWeek.  For far too long software security has been comprised of a curious bifurcation of roles. Developers develop and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new […]

Continue Reading...

Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Program Development, Static Analysis (SAST) | No Comments »

 

Gary McGraw’s Shmoocon Keynote Recaps Security Career With Advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghassen Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over McGraw’s more than 21 years in software security. It also reflects his many interests. Watch the […]

Continue Reading...

Posted in Security Metrics, Security Training, Software Architecture and Design, Software Development Life Cycle (SDLC), Software Security Program Development | Comments Off on Gary McGraw’s Shmoocon Keynote Recaps Security Career With Advice

 

3 Presentations You Don’t Want to Miss at AppSec California 2017

The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]

Continue Reading...

Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling | Comments Off on 3 Presentations You Don’t Want to Miss at AppSec California 2017

 

Make a New Year’s Resolution to Get Serious About Software Security

Originally posted on SecurityWeek.  The beginning of any new year is a time for examination and setting new goals and objectives. Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security. Resolutions are nice, but if you are […]

Continue Reading...

Posted in Software Security Program Development, Vendor Risk Management | Comments Off on Make a New Year’s Resolution to Get Serious About Software Security

 

Do You Believe the 7 Myths of Software Security Best Practices?

There’s no silver bullet for securing software. The reality is that security involves a multi-dimensional approach over an organization’s entire application portfolio. To bring truth to some of the most widespread security misconceptions, we’ve developed the seven myths of software security best practices. These myths explore how software security initiatives should work, and aren’t simply about how to […]

Continue Reading...

Posted in Maturity Model (BSIMM), Security Risk Assessment, Software Development Life Cycle (SDLC), Software Security Program Development | Comments Off on Do You Believe the 7 Myths of Software Security Best Practices?

 

How Proactive Is Your Software Security Initiative?

The bad news is that software gets hacked. The defects or vulnerabilities that attackers take advantage of to hack software can be made by an organization internally, or by their vendors or partners. The good news is that remediation methods to resolve these defects and vulnerabilities are well known. Organizations with a mature software security […]

Continue Reading...

Posted in Maturity Model (BSIMM), Penetration Testing, Software Development Life Cycle (SDLC), Software Security Program Development | Comments Off on How Proactive Is Your Software Security Initiative?

 

Building Meaningful Security Metrics

Many people in various security disciplines are looking to metrics as a way to demonstrate the efficacy of their efforts and show continuous process improvement. Unfortunately, poorly constructed metrics usually create more confusion than insight. If I told you that testing discovered nine critical vulnerabilities last month, what knowledge have I imparted? Does it clarify […]

Continue Reading...

Posted in Security Metrics, Software Security Program Development | Comments Off on Building Meaningful Security Metrics