- Software [In]security: Software Security Zombies
  - By Gary McGraw
  - Jul 21, 2011
  - Software security expert Gary McGraw reviews some of the most important security concepts — before they eat your (network's) brains.
- Software [In]security: Partly Cloudy with a Chance of Security
  - By Gary McGraw
  - Jun 17, 2011
  - Security expert Gary McGraw provides some issues to consider when it comes to adoption of cloud services and their impact on security in your organization.
- Software [In]security: Computer Security and International Norms
  - By Gary McGraw
  - May 30, 2011
  - The Obama administration recently released its "International Strategy for Cyberspace" outlining America's ideals and strategies for cyberspace. Security expert Gary McGraw explains why he thinks the document is promising in its effort to make our national goals and policies clear when it comes to cyberspace.
- Software [In]security: vBSIMM (BSIMM for Vendors)
  - By Gary McGraw, Sammy Migues
  - Apr 12, 2011
  - How do you ensure that your third-party software vendors practice good software security? Software security expert Gary McGraw explains how the Building Security In Maturity Model can play a central role in this effort.
- Software [In]security: Modern Malware
  - By Gary McGraw
  - Mar 22, 2011
  - Software security expert and author Gary McGraw looks at where malware is heading — and what we should do about it.
- Software [In]security: Software Patents and Fault Injection
  - By Gary McGraw
  - Feb 28, 2011
  - Gary McGraw explains how another party may get a patent on a technique he had a hand in inventing.
- Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal)
  - By Gary McGraw, John Steven
  - Jan 31, 2011
  - Security expert Gary McGraw discusses the static analysis tools market and the pitfalls of product comparisons, and provides his recommendation for making the best choice.
- Software [In]security: Cyber Warmongering and Influence Peddling
  - By Gary McGraw, Ivan Arce
  - Nov 24, 2010
  - Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research — or our country.
- Software [In]security: Technology Transfer
  - By Gary McGraw
  - Oct 26, 2010
  - Gary McGraw discusses the evolution of a source code scanning tool from research project to commercial project and details the transfer of technology that made it all happen.
- Developing Network Security Strategies
  - By Priscilla Oppenheimer
  - Oct 4, 2010
  - To help you handle the difficulties inherent in designing network security for complex networks, this chapter teaches a systematic, top-down approach that focuses on planning and policy development before the selection of security products.
- Software [In]security: How to p0wn a Control System with Stuxnet
  - By Gary McGraw
  - Sep 23, 2010
  - Gary McGraw describes the Stuxnet worm and explains some of its potentially dangerous implications.
- Software [In]security: Software Security Crosses the Threshold
  - By Gary McGraw
  - Aug 16, 2010
  - The software security space exceeded the $500 million mark in 2009. Software security expert Gary McGraw examines the sales of security tools providers and services firms to find out how quickly the market is growing, and which parts of the market are driving growth.
- Software [In]security: Obama Highlights Cyber Security Progress
  - By Gary McGraw
  - Jul 16, 2010
  - Software security expert Gary McGraw went to a White House meeting on cyber security attended by 100 public and private sector security experts. McGraw shares the details of the meeting, including an unannounced visit by President Obama.
- Software [In]security: Cyber War - Hype or Consequences?
  - By Gary McGraw
  - Jun 17, 2010
  - Is the threat of cyber war real or imagined? In this article Gary McGraw first defines cyber war and then describes some very real possibilities.
- Software [In]security: BSIMM2
  - By Gary McGraw, Brian Chess, Sammy Migues, Elizabeth Nichols
  - May 12, 2010
  - Gary McGraw and colleagues discuss the latest iteration of the Building Security In Maturity Model, BSIMM2.
- Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity
  - By Gary McGraw
  - Mar 26, 2010
  - Security expert Gary McGraw explains why the rush to upgrade our power grid may lead to security vulnerabilities in critical infrastructure.
- Software [In]security: What Works in Software Security
  - By Gary McGraw, Brian Chess, Sammy Migues
  - Feb 26, 2010
  - 15 of the 110 activities in the BSIMM are very commonly observed. Gary McGraw, Brian Chess, and Sammy Migues list and explain these activities.
- Software [In]security: Cargo Cult Computer Security
  - By Gary McGraw
  - Jan 28, 2010
  - Gary McGraw argues that the time is right to turn to real science to combat the "Cargo Cult" mentality of the software security field.
- Software [In]security: You Really Need a Software Security Group
  - By Gary McGraw
  - Dec 21, 2009
  - Gary McGraw explains why having a software security group is necessary for a software security initiative.
- Software [In]security: BSIMM Europe
  - By Gary McGraw, David Harper, Matias Madou, Florence Mottay
  - Nov 10, 2009
  - Security expert Gary McGraw and team introduce BSIMM Europe and compare some of its initial results to the original BSIMM data.