- Open Source Tools for Security Testing
  By Michael Kelly, Sep 16, 2005
  Michael Kelly reports on handy security uses for four open source tools: WebGoat, Firefox Web Developer, WebScarab, and Ethereal. By combining the tools in easy ways, testers can track down and close the gaping security holes that are often left in applications.
- Secure By Design? Techniques and Frameworks You Need to Know for Secure Application Development
  By Randy Nash, Dec 19, 2012
  What do you know about developing secure, robust software? Randy Nash discusses several available techniques and frameworks for secure application development.
- Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
  By Gary McGraw, Brian Chess, Oct 15, 2008
  Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.
- Software [In]security: Attack Categories and History Prediction
  By Gary McGraw, Aug 25, 2009
  Software security expert Gary McGraw describes how to divide attacks into four categories and use them to predict the attacks of tomorrow.
- Software [In]security: Balancing All the Breaking with some Building
  By Gary McGraw, Aug 30, 2011
  Security expert Gary McGraw argues that the software security industry is favoring offense at the expense of defense, and that more proactive defense is needed.
- Software [In]security: BSIMM Begin
  By Gary McGraw, Sammy Migues, Sep 24, 2009
  Gary McGraw and Sammy Migues introduce BSIMM Begin, a Web-based study focused on 40 of the 110 activities covered in the full Building Security In Maturity Model.
- Software [In]security: BSIMM Europe
  By Gary McGraw, David Harper, Matias Madou, Florence Mottay, Nov 10, 2009
  Security expert Gary McGraw and team introduce BSIMM Europe and compare some of its initial results to the original BSIMM data.
- Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema
  By Gary McGraw, Sammy Migues, Dec 26, 2011
  Gary McGraw and Sammy Migues clarify the intended use of the Building Security In Maturity Model (BSIMM) and compare it to the SAFECode Practices methodology.
- Software [In]security: BSIMM2
  By Gary McGraw, Brian Chess, Sammy Migues, Elizabeth Nichols, May 12, 2010
  Gary McGraw and colleagues discuss the latest iteration of the Building Security In Maturity Model, BSIMM2.
- Software [In]security: BSIMM3
  By Gary McGraw, Brian Chess, Sammy Migues, Sep 27, 2011
  Gary McGraw, Brian Chess, and Sammy Migues describe BSIMM3, the third iteration of the Building Security In Maturity Model (BSIMM) project, a measuring stick for software security initiatives in the corporate world.
- Software [In]security: Cargo Cult Computer Security
  By Gary McGraw, Jan 28, 2010
  Gary McGraw argues that the time is right to turn to real science to combat the "Cargo Cult" mentality of the software security field.
- Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal)
  By Gary McGraw, John Steven, Jan 31, 2011
  Gary McGraw and John Steven discuss the static analysis tools market and the pitfalls of product comparisons, and offer their recommendation for making the best choice.
- Software [In]security: Computer Security and International Norms
  By Gary McGraw, May 30, 2011
  The Obama administration recently released its "International Strategy for Cyberspace," outlining America's ideals and strategies for cyberspace. Security expert Gary McGraw explains why he finds the document promising in its effort to state national goals and policies for cyberspace clearly.
- Software [In]security: Cyber War - Hype or Consequences?
  By Gary McGraw, Jun 17, 2010
  Is the threat of cyber war real or imagined? In this article Gary McGraw first defines cyber war and then describes some very real possibilities.
- Software [In]security: Cyber Warmongering and Influence Peddling
  By Gary McGraw, Ivan Arce, Nov 24, 2010
  Gary McGraw and Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research, or of the country.
- Software [In]security: How to p0wn a Control System with Stuxnet
  By Gary McGraw, Sep 23, 2010
  Gary McGraw describes the Stuxnet worm and explains some of its potentially dangerous implications.
- Software [In]security: Measuring Software Security
  By Gary McGraw, Jim Routh, Jun 18, 2009
  Gary McGraw and Jim Routh describe the value proposition of a successful software security initiative instituted at a large financial services firm.
- Software [In]security: Modern Malware
  By Gary McGraw, Mar 22, 2011
  Software security expert and author Gary McGraw looks at where malware is heading and what we should do about it.
- Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
  By Gary McGraw, Jul 16, 2009
  Gary McGraw discusses how the current U.S. administration needs to make some important progress on cybersecurity rather than simply offering more platitudes.
- Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM
  By Gary McGraw, Brian Chess, Sammy Migues, Feb 9, 2009
  Examine the nine common software security activities that make up the Building Security In Maturity Model (BSIMM).