- Setting Up Web Filtering for a Network Using OpenDNS (Part 2)
- Dec 19, 2008
- Eric Geier continues his guide on using OpenDNS, a free Domain Name System (DNS) service that helps provide a safer, faster, smarter, and more reliable Internet.
|
- Setting Up Web Filtering for a Network Using OpenDNS (Part 3)
- Dec 26, 2008
- Eric Geier shows you how to manage multiple networks with one account using OpenDNS.
|
- Seven Steps to XML Mastery, Step 7: Ensure XML Security
- Aug 25, 2006
- We’ve come a long way since the beginning of our journey toward XML mastery. In the last article of his series, Frank Coyle examines XML-related security issues. We begin by looking at the family of XML security standards and then move on to the threat of black-hat attacks and what you can do to safeguard your XML-based applications.
|
- Should We Ban Internet Anonymity?
- Jun 16, 2008
- Should anonymous attackers can lawfully malign the innocent and helpless?
|
- Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
- Oct 15, 2008
- Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.
|
- Software [In]security: Assume Nothing
- Apr 30, 2010
- Software security expert Gary McGraw thinks Microsoft may be forgetting the old mantra of thinking like an attacker by deciding not to patch a vulnerability in the Virtual PC Hypervisor.
|
- Software [In]security: Attack Categories and History Prediction
- Aug 25, 2009
- Software security expert Gary McGraw describes how to divide attacks into four categories — and predict the attacks of tomorrow.
|
- Software [In]security: Balancing All the Breaking with some Building
- Aug 30, 2011
- Security expert Gary McGraw argues that the software security industry is favoring offense at the expense of defense, and that more proactive defense is needed.
|
- Software [In]security: BSIMM Begin
- Sep 24, 2009
- Gary McGraw introduces BSIMM Begin, a Web-based study focused on 40 of the 110 activities covered in the full Building Security In Maturity Model.
|
- Software [In]security: BSIMM Europe
- Nov 10, 2009
- Security expert Gary McGraw and team introduce BSIMM Europe and compare some of its initial results to the original BSIMM data.
|
- Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema
- Dec 26, 2011
- Gary McGraw and Sammy Migues clarify the intended use of the Building Security In Maturity Model (BSIMM) and compare it to the SAFECode Practices methodology.
|
- Software [In]security: BSIMM2
- May 12, 2010
- Gary McGraw and colleagues discuss the latest iteration of the Building Security In Maturity Model, BSIMM2.
|
- Software [In]security: BSIMM3
- Sep 27, 2011
- BSIMM3 is the third iteration of the Building Security In Maturity Model (BSIMM) project, a tool used as a measuring stick for software security initiatives in the corporate world. Gary McGraw describes the BSIMM3 along with Brian Chess and Sammy Migues.
|
- Software [In]security: Cargo Cult Computer Security
- Jan 28, 2010
- Gary McGraw argues that the time is right to turn to real science to combat the "Cargo Cult" mentality of the software security field.
|
- Software [In]security: Computer Security and International Norms
- May 30, 2011
- The Obama administration recently released its "International Strategy for Cyberspace" outlining America's ideals and strategies for cyberspace. Security expert Gary McGraw explains why he thinks the document is promising in its effort to make our national goals and policies clear when it comes to cyberspace.
|
- Software [In]security: Cyber War - Hype or Consequences?
- Jun 17, 2010
- Is the threat of cyber war real or imagined? In this article Gary McGraw first defines cyber war and then describes some very real possibilities.
|
- Software [In]security: Cyber Warmongering and Influence Peddling
- Nov 24, 2010
- Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research — or our country.
|
- Software [In]security: Getting Past the Bug Parade
- Sep 17, 2008
- Gary McGraw explains why more attention should be paid to finding software flaws through the use of threat modeling and architectural risk analysis.
|
- Software [In]security: How to p0wn a Control System with Stuxnet
- Sep 23, 2010
- Gary McGraw describes the Stuxnet worm and explains some of its potentially dangerous implications.
|
- Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
- Jul 16, 2009
- Gary McGraw discusses how the current U.S. administration needs to make some important progress on cybersecurity rather than simply offering more platitudes.
|