- Software [In]security: Software Security Top 10 Surprises
-
By
Gary McGraw, Brian Chess, Sammy Migues
- Dec 15, 2008
- In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.
|
- Software [In]security: Software Security Training
-
By
Gary McGraw, Sammy Migues
- Oct 31, 2011
- Gary McGraw and Sammy Migues describe how training has changed, provide data showing its importance, and explain why it's important to pick the right training for your organization's needs.
|
- Software [In]security: Software Security Zombies
-
By
Gary McGraw
- Jul 21, 2011
- Software security expert Gary McGraw reviews some of the most important security concepts — before they eat your (network's) brains.
|
- Software [In]security: Startup Lessons
-
By
Gary McGraw
- Oct 22, 2009
- Gary McGraw discusses the seven lessons he's learned through his startup years at Cigital.
|
- Software [In]security: Technology Transfer
-
By
Gary McGraw
- Oct 26, 2010
- Gary McGraw discusses the evolution of a source code scanning tool from research project to commercial project and details the transfer of technology that made it all happen.
|
- Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity
-
By
Gary McGraw
- Mar 26, 2010
- Security expert Gary McGraw explains why the rush to upgrade our power grid may lead to security vulnerabilities in critical infrastructure.
|
- Software [In]security: Third-Party Software and Security
-
By
Gary McGraw, Brian Chess, Sammy Migues
- Nov 30, 2011
- How do you gauge the security of third-party code? A recent security conference examined that question, and Gary McGraw presents the findings in this article.
|
- Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
-
By
Gary McGraw
- Jan 13, 2009
- Gary McGraw explains why there’s more to software security than watching the bug parade march by.
|
- Software [In]security: vBSIMM (BSIMM for Vendors)
-
By
Gary McGraw, Sammy Migues
- Apr 12, 2011
- How do you ensure that your third-party software vendors practice good software security? Software security expert Gary McGraw explains how the Building Security In Maturity Model can play a central role in this effort.
|
- Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised)
-
By
Gary McGraw, Sammy Migues
- Jan 26, 2012
- Gary McGraw and Sammy Migues introduce a revised, compact version of the BSIMM for vendors called vBSIMM, which can be thought of as a foundational security control for vendor management of third-party software providers.
|
- Software [In]security: What Works in Software Security
-
By
Gary McGraw, Brian Chess, Sammy Migues
- Feb 26, 2010
- 15 of the 110 activities in the BSIMM are very commonly observed. Gary McGraw, Brian Chess, and Sammy Migues list and explain these activities.
|
- Software [In]security: You Really Need a Software Security Group
-
By
Gary McGraw
- Dec 21, 2009
- Gary McGraw explains why having a software security group is necessary for a software security initiative.
|
- Talk Is Cheap: Why the Security Industry Needs to Improve Its Bedside Manner
-
By
Michael Kemp
- Aug 17, 2007
- Michael Kemp explores an often-overlooked aspect of security practice, namely communicating with clients so that they can be assured of expertise instead of being awed by it.
|
- TCP: The Transmission Control Protocol (Preliminaries)
-
By
Kevin R. Fall, W. Richard Stevens
- Nov 24, 2011
- This chapter provides background regarding the issues affecting reliable delivery in general. It shows how those issues play out in TCP and what type of service it provides to Internet applications.
|
- The Art of Network Architecture: Applying Modularity
-
By
Denise Donohue, J. Kronik
- May 12, 2014
- This chapter focuses on why we use specific design patterns to implement modularity, discussing specifically why we should use hierarchical design to create a modular network design, why we should use overlay networks to create virtualization, and the results of virtualization as a mechanism to provide modularity.
|
- The Basic Uses of TCP/IP Route Maps
-
By
Jeff Doyle, Jennifer Carroll
- Dec 9, 2005
- Route maps are similar to access lists; they both have criteria for matching the details of certain packets and an action of permitting or denying those packets. This chapter explains the basics of Route Maps. Included are sample exercises to help you practice administration and use of Route Maps.
|
- Troubleshooting Methods for Cisco IP Networks
-
By
Amir Ranjbar
- Jan 14, 2015
- This chapter from Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Foundation Learning Guide: (CCNP TSHOOT 300-135) defines troubleshooting and troubleshooting principles. Next, six different troubleshooting approaches are described. The third section of this chapter presents a troubleshooting example based on each of the six troubleshooting approaches.
|
- Visualization: How to Present Security Data to Get Your Point Across
-
By
Andrew Jaquith
- Dec 21, 2007
- Learn how to present security data in a style that truly gets your point across.
|
- Why IT Pros Need to Learn About IPv6 Security Now: An Interview with Scott Hogg and Eric Vyncke
-
By
Linda Leung, Scott Hogg, Eric Vyncke
- Jul 4, 2009
- Linda Leung talks with Scott Hogg and Eric Vyncke about IPv6 transition and security issues.
|
- Will Cell Phones be Responsible for the Next Internet Worm?
-
By
Norm Laudermilch
- Apr 28, 2006
- The mobile devices you know and love are great for productivity, but they have completely changed the vulnerability state of our networks. Norm Laudermilch tells you why you should be afraid, very afraid.
|