- Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal)
- Jan 31, 2011
- Security expert Gary McGraw discusses the static analysis tools market, the pitfalls of product comparisons, and provides his recommendation for making the best choice.
|
- Software [In]security: Cyber Warmongering and Influence Peddling
- Nov 24, 2010
- Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research — or our country.
|
- Software [In]security: Technology Transfer
- Oct 26, 2010
- Gary McGraw discusses the evolution of a source code scanning tool from research project to commercial project and details the transfer of technology that made it all happen.
|
- Software [In]security: How to p0wn a Control System with Stuxnet
- Sep 23, 2010
- Gary McGraw describes the Stuxnet worm and explains some of its potentially dangerous implications.
|
- Software [In]security: Software Security Crosses the Threshold
- Aug 16, 2010
- The software security space exceeded the $500 million mark in 2009. Software security expert Gary McGraw examines the sales of security tools providers and services firms to find out how quickly the market is growing, and which parts of the market are driving growth.
|
- Software [In]security: Obama Highlights Cyber Security Progress
- Jul 16, 2010
- Software security expert Gary McGraw went to a White House meeting on cyber security attended by 100 public and private sector security experts. McGraw shares the details of the meeting, including an unannounced visit by President Obama.
|
- Software [In]security: Cyber War - Hype or Consequences?
- Jun 17, 2010
- Is the threat of cyber war real or imagined? In this article Gary McGraw first defines cyber war and then describes some very real possibilities.
|
- Software [In]security: BSIMM2
- May 12, 2010
- Gary McGraw and colleagues discuss the latest iteration of the Building Security In Maturity Model, BSIMM2.
|
- Software [In]security: Assume Nothing
- Apr 30, 2010
- Software security expert Gary McGraw thinks Microsoft may be forgetting the old mantra of thinking like an attacker by deciding not to patch a vulnerability in the Virtual PC Hypervisor.
|
- Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity
- Mar 26, 2010
- Security expert Gary McGraw explains why the rush to upgrade our power grid may lead to security vulnerabilities in critical infrastructure.
|
- Software [In]security: What Works in Software Security
- Feb 26, 2010
- 15 of the 110 activities in the BSIMM are very commonly observed. Gary McGraw, Brian Chess, and Sammy Migues list and explain these activities.
|
- Software [In]security: Cargo Cult Computer Security
- Jan 28, 2010
- Gary McGraw argues that the time is right to turn to real science to combat the "Cargo Cult" mentality of the software security field.
|
- Chained Exploits: How Hackers Combine Attacks to Hack You
- Jan 27, 2010
- Security expert Andrew Whitaker explains the hacker mentality and points out how hackers combine multiple exploits to achieve their goals.
|
- Software [In]security: You Really Need a Software Security Group
- Dec 21, 2009
- Gary McGraw explains why having a software security group is necessary for a software security initiative.
|
- Top 4 Software Development Protection Techniques and How to Defeat Them
- Dec 7, 2009
- Knowing weaknesses in different protection methods can help you choose the best techniques to safeguard your intellectual property.
|
- Software [In]security: BSIMM Europe
- Nov 10, 2009
- Security expert Gary McGraw and team introduce BSIMM Europe and compare some of its initial results to the original BSIMM data.
|
- Software [In]security: Startup Lessons
- Oct 22, 2009
- Gary McGraw discusses the seven lessons he's learned through his startup years at Cigital.
|
- Software [In]security: BSIMM Begin
- Sep 24, 2009
- Gary McGraw introduces BSIMM Begin, a Web-based study focused on 40 of the 110 activities covered in the full Building Security In Maturity Model.
|
- Software [In]security: Attack Categories and History Prediction
- Aug 25, 2009
- Software security expert Gary McGraw describes how to divide attacks into four categories — and predict the attacks of tomorrow.
|
- What Is Surreptitious Software?
- Aug 11, 2009
- Christian Collberg and Jasvir Nagra discuss the basic techniques used to protect secrets stored in software.
|