
Software Security


124 Items


Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
By Gary McGraw
Jul 16, 2009
Gary McGraw discusses how the current U.S. administration needs to make some important progress on cybersecurity rather than simply offering more platitudes.
Software [In]security: Measuring Software Security
By Gary McGraw, Jim Routh
Jun 18, 2009
Gary McGraw and Jim Routh describe the value positioning of a successful software security initiative instituted at a large financial services firm.
Information Security Bookshelf, Part 2 (2009 Edition)
By Ed Tittel
May 18, 2009
Ed Tittel compiles a collection of pointers to useful and informative books on information security, part 2 of 2.
Information Security Bookshelf, Part 1 (2009 Edition)
By Ed Tittel
May 8, 2009
Ed Tittel compiles a collection of pointers to useful and informative books on information security.
Software [In]security: Software Security Comes of Age
By Gary McGraw
Apr 16, 2009
Gary McGraw details the continued growth of the software security industry, even in the face of worldwide recession.
Chained Exploits: Discover What Your Boss Is Looking At
By Andrew Whitaker, Keatron Evans, Jack B. Voth
Apr 10, 2009
Learn how to spy on your boss' net surfing habits — and protect yourself and your network from similar exploits.
Software [In]security: The Building Security In Maturity Model (BSIMM)
By Gary McGraw, Brian Chess, Sammy Migues
Mar 16, 2009
The creators of the Building Security In Maturity Model describe the benefits of using it as a yardstick for measuring your own software security initiative.
Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM
By Gary McGraw, Brian Chess, Sammy Migues
Feb 9, 2009
Examine the nine common software security activities that make up the Building Security In Maturity Model (BSIMM).
Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
By Gary McGraw
Jan 13, 2009
Gary McGraw explains why there’s more to software security than watching the bug parade march by.
Robert Seacord on the CERT C Secure Coding Standard
By David Chisnall, Robert C. Seacord
Dec 15, 2008
Robert C. Seacord and David Chisnall discuss the CERT C Secure Coding standard, developing C standards, and the future of the language and its offshoots.
Software [In]security: Software Security Top 10 Surprises
By Gary McGraw, Brian Chess, Sammy Migues
Dec 15, 2008
In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.
Software [In]security: Web Applications and Software Security
By Gary McGraw
Nov 14, 2008
Gary McGraw argues that by understanding the relationship between Web application security and traditional software security, we can better understand security issues on both fronts.
Writing Insecure C, Part 3
By David Chisnall
Oct 24, 2008
David Chisnall concludes his series on insecure C code with a discussion of strings, along with some of the more advanced problems that people encounter with C.
Writing Insecure C, Part 2
By David Chisnall
Oct 17, 2008
Continuing his series on insecure C, David Chisnall points out some problems arising from handling of integers and memory in C.
Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
By Gary McGraw, Brian Chess
Oct 15, 2008
Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.
Writing Insecure C, Part 1
By David Chisnall
Oct 10, 2008
David Chisnall takes a look at some of the pitfalls involved in writing secure code in C, with a guided tour of insecure code.
Software [In]security: Getting Past the Bug Parade
By Gary McGraw
Sep 17, 2008
Gary McGraw explains why more attention should be paid to finding software flaws through the use of threat modeling and architectural risk analysis.
No Time to Patch
By Randy Nash
Sep 5, 2008
Randy Nash discusses the problems of exploits and malicious code and offers some suggestions to reduce the time to patch these vulnerabilities.
Software [In]security: Software Security Demand Rising
By Gary McGraw
Aug 11, 2008
Gary McGraw breaks down the numbers from 2007, showing that software security is making headway in the enterprise even against economic headwinds.
Perception of Security Risk: Fear, Uncertainty, and Doubt
By Randy Nash
Jul 28, 2008
Why do so many security product vendors use it as part of the sales pitch? As Randy Nash explains, because it works.
