
Software Security

124 Items


Minding Your P's: Points to Ponder When Implementing Information Security Controls
Apr 23, 2013
Information security expert Randy Nash explains the relevant parameters that are important in finding the right balance between security and ease of policy implementation.
Secure By Design? Techniques and Frameworks You Need to Know for Secure Application Development
Dec 19, 2012
What do you know about developing secure, robust software? Randy Nash discusses several available techniques and frameworks for secure application development.
An Insider's Look into the 2012 Mid-Atlantic Collegiate Cyber Defense Challenge
May 15, 2012
Brad Bowers takes an insider's look into the 2012 Mid-Atlantic Collegiate Cyber Defense Challenge, an annual cyber attack-and-defend competition that pits hardened penetration testers against defending college teams.
Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised)
Jan 26, 2012
Gary McGraw and Sammy Migues introduce a revised, compact version of the BSIMM for vendors called vBSIMM, which can be thought of as a foundational security control for vendor management of third-party software providers.
Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema
Dec 26, 2011
Gary McGraw and Sammy Migues clarify the intended use of the Building Security In Maturity Model (BSIMM) and compare it to the SAFECode Practices methodology.
PKI: Broken, But Fixable
Nov 30, 2011
The public key infrastructure (PKI) used for securing the Web has recently been found to be much less secure than was previously thought. David Chisnall discusses some of the flaws in the design and some potential solutions.
Software [In]security: Third-Party Software and Security
Nov 30, 2011
How do you gauge the security of third-party code? A recent security conference examined that question, and Gary McGraw presents the findings in this article.
Software [In]security: Software Security Training
Oct 31, 2011
Gary McGraw and Sammy Migues describe how training has changed, provide data showing its importance, and explain why it's important to pick the right training for your organization's needs.
Security Blanket or Security Theater?
Oct 13, 2011
This chapter explains how to better distinguish true threats from accidents and measure your vulnerability to either.
Software [In]security: BSIMM3
Sep 27, 2011
BSIMM3 is the third iteration of the Building Security In Maturity Model (BSIMM) project, a tool used as a measuring stick for software security initiatives in the corporate world. Gary McGraw describes the BSIMM3 along with Brian Chess and Sammy Migues.
Software [In]security: Balancing All the Breaking with some Building
Aug 30, 2011
Security expert Gary McGraw argues that the software security industry is favoring offense at the expense of defense, and that more proactive defense is needed.
Securing a Web App at the Last Minute
Jul 26, 2011
While consumers and the media are increasingly aware of the risks to confidential information over web apps, firms still tend to focus on development, leaving data security until just before the go-live date. Ajay Gupta points out that last-minute steps are available to improve the security of your apps before launching them onto the Internet.
Software [In]security: Software Security Zombies
Jul 21, 2011
Software security expert Gary McGraw reviews some of the most important security concepts — before they eat your (network's) brains.
Software [In]security: Partly Cloudy with a Chance of Security
Jun 17, 2011
Security expert Gary McGraw provides some issues to consider when it comes to adoption of cloud services and their impact on security in your organization.
Software [In]security: Computer Security and International Norms
May 30, 2011
The Obama administration recently released its "International Strategy for Cyberspace" outlining America's ideals and strategies for cyberspace. Security expert Gary McGraw explains why he thinks the document is promising in its effort to make our national goals and policies clear when it comes to cyberspace.
Software [In]security: vBSIMM (BSIMM for Vendors)
Apr 12, 2011
How do you ensure that your third-party software vendors practice good software security? Software security expert Gary McGraw explains how the Building Security In Maturity Model can play a central role in this effort.
Software [In]security: Modern Malware
Mar 22, 2011
Software security expert and author Gary McGraw looks at where malware is heading — and what we should do about it.
Software [In]security: Software Patents and Fault Injection
Feb 28, 2011
Gary McGraw explains how another party may get a patent on a technique he had a hand in inventing.
Firesheep, Fireshepherd, and Facebook: Understanding Session Hijacking
Feb 22, 2011
Mike Chapple shows you how web authentication makes session hijacking possible, how Firesheep exploits these vulnerabilities, and the measures that website administrators, web developers, and end users can take to protect against session hijacking attacks.
Encryption 101: Keys, Algorithms and You
Feb 15, 2011
Mike Chapple shows how to protect confidential information via encryption, and teaches the basics when it comes to selecting an encryption technology.
