Network Security

56 Items

Sort by Date | Title

Software [In]security: Technology Transfer: By Gary McGraw; Oct 26, 2010; Gary McGraw discusses the evolution of a source code scanning tool from research project to commercial project and details the transfer of technology that made it all happen.

Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity: By Gary McGraw; Mar 26, 2010; Security expert Gary McGraw explains why the rush to upgrade our power grid may lead to security vulnerabilities in critical infrastructure.

Software [In]security: Third-Party Software and Security: By Gary McGraw, Brian Chess, Sammy Migues; Nov 30, 2011; How do you gauge the security of third-party code? A recent security conference examined that question, and Gary McGraw presents the findings in this article.

Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work: By Gary McGraw; Jan 13, 2009; Gary McGraw explains why there’s more to software security than watching the bug parade march by.

Software [In]security: Twitter Security: By Gary McGraw; May 15, 2009; Gary McGraw details Twitter's fundamental security vulnerabilities.

Software [In]security: vBSIMM (BSIMM for Vendors): By Gary McGraw, Sammy Migues; Apr 12, 2011; How do you ensure that your third-party software vendors practice good software security? Software security expert Gary McGraw explains how the Building Security In Maturity Model can play a central role in this effort.

Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised): By Gary McGraw, Sammy Migues; Jan 26, 2012; Gary McGraw and Sammy Migues introduce a revised, compact version of the BSIMM for vendors called vBSIMM, which can be thought of as a foundational security control for vendor management of third-party software providers.

Software [In]security: What Works in Software Security: By Gary McGraw, Brian Chess, Sammy Migues; Feb 26, 2010; 15 of the 110 activities in the BSIMM are very commonly observed. Gary McGraw, Brian Chess, and Sammy Migues list and explain these activities.

Software [In]security: You Really Need a Software Security Group: By Gary McGraw; Dec 21, 2009; Gary McGraw explains why having a software security group is necessary for a software security initiative.

Talk Is Cheap: Why the Security Industry Needs to Improve Its Bedside Manner: By Michael Kemp; Aug 17, 2007; Michael Kemp explores an often-overlooked aspect of security practice, namely communicating with clients so that they can be assured of expertise instead of being awed by it.

The Anatomy of a Digital Investigation: By Michael W. Graves; Oct 8, 2013; Michael W. Graves discusses the details of a digital investigation, including understanding the scope of the investigation, identifying the stakeholders, and understanding documentation,

The CERT Guide to Insider Threats: Insider Theft of Intellectual Property: By Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak; Mar 2, 2012; This chapter offers a model to prevent insider theft of intellectual property. The first half of this chapter describes the model at a high level.The second half of the chapter digs deeper into the technical methods used in committing these crimes and mitigation strategies that you should consider based on all of this information.

Visualization: How to Present Security Data to Get Your Point Across: By Andrew Jaquith; Dec 21, 2007; Learn how to present security data in a style that truly gets your point across.

Why IT Pros Need to Learn About IPv6 Security Now: An Interview with Scott Hogg and Eric Vyncke: By Linda Leung, Scott Hogg, Eric Vyncke; Jul 4, 2009; Linda Leung talks with Scott Hogg and Eric Vyncke about IPv6 transition and security issues.

Will Cell Phones be Responsible for the Next Internet Worm?: By Norm Laudermilch; Apr 28, 2006; The mobile devices you know and love are great for productivity, but they have completely changed the vulnerability state of our networks. Norm Laudermilch tells you why you should be afraid, very afraid.

ZigBee Wireless Security: A New Age Penetration Tester's Toolkit: By Brad Bowers; Jan 9, 2012; Brad Bowers takes a closer look at the ZigBee protocol, some of the attacks that have been leveraged against it, and the security tools that penetration testers can use.