- Software [In]security: Partly Cloudy with a Chance of Security
- Jun 17, 2011
- Security expert Gary McGraw provides some issues to consider when it comes to adoption of cloud services and their impact on security in your organization.
|
- Software [In]security: Paying for Secure Software
- Apr 7, 2008
- Gary McGraw kicks off his new monthly column by showing how the added costs of developing secure software can be more than offset by lower TCO down the road.
|
- Software [In]security: Securing Web 3.0
- May 15, 2008
- Gary McGraw warns that we haven't yet solved (or even considered) some of the serious security issues involved with Web 3.0.
|
- Software [In]security: Software Patents and Fault Injection
- Feb 28, 2011
- Gary McGraw explains how another party may get a patent on a technique he had a hand in inventing.
|
- Software [In]security: Software Security Comes of Age
- Apr 16, 2009
- Gary McGraw details the continued growth of the software security industry, even in the face of worldwide recession.
|
- Software [In]security: Software Security Crosses the Threshold
- Aug 16, 2010
- The software security space exceeded the $500 million mark in 2009. Software security expert Gary McGraw examines the sales of security tools providers and services firms to find out how quickly the market is growing, and which parts of the market are driving growth.
|
- Software [In]security: Software Security Demand Rising
- Aug 11, 2008
- Gary McGraw breaks down the numbers from 2007, showing that software security is making headway in the enterprise even against economic headwinds.
|
- Software [In]security: Software Security Top 10 Surprises
- Dec 15, 2008
- In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.
|
- Software [In]security: Software Security Training
- Oct 31, 2011
- Gary McGraw and Sammy Migues describe how training has changed, provide data showing its importance, and explain why it's important to pick the right training for your organization's needs.
|
- Software [In]security: Software Security Zombies
- Jul 21, 2011
- Software security expert Gary McGraw reviews some of the most important security concepts — before they eat your (network's) brains.
|
- Software [In]security: Startup Lessons
- Oct 22, 2009
- Gary McGraw discusses the seven lessons he's learned through his startup years at Cigital.
|
- Software [In]security: Technology Transfer
- Oct 26, 2010
- Gary McGraw discusses the evolution of a source code scanning tool from research project to commercial project and details the transfer of technology that made it all happen.
|
- Software [In]security: The Building Security In Maturity Model (BSIMM)
- Mar 16, 2009
- The creators of the Building Security In Maturity Model describe the benefits of using it as a yardstick for measuring your own software security initiative.
|
- Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity
- Mar 26, 2010
- Security expert Gary McGraw explains why the rush to upgrade our power grid may lead to security vulnerabilities in critical infrastructure.
|
- Software [In]security: Third-Party Software and Security
- Nov 30, 2011
- How do you gauge the security of third-party code? A recent security conference examined that question, and Gary McGraw presents the findings in this article.
|
- Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
- Jan 13, 2009
- Gary McGraw explains why there’s more to software security than watching the bug parade march by.
|
- Software [In]security: vBSIMM (BSIMM for Vendors)
- Apr 12, 2011
- How do you ensure that your third-party software vendors practice good software security? Software security expert Gary McGraw explains how the Building Security In Maturity Model can play a central role in this effort.
|
- Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised)
- Jan 26, 2012
- Gary McGraw and Sammy Migues introduce a revised, compact version of the BSIMM for vendors called vBSIMM, which can be thought of as a foundational security control for vendor management of third-party software providers.
|
- Software [In]security: Web Applications and Software Security
- Nov 14, 2008
- Gary McGraw argues that by understanding the relationship between Web application security and traditional software security, we can better understand security issues on both fronts.
|
- Software [In]security: What Works in Software Security
- Feb 26, 2010
- 15 of the 110 activities in the BSIMM are very commonly observed. Gary McGraw, Brian Chess, and Sammy Migues list and explain these activities.
|