- Software [In]security: BSIMM2
-
By
Gary McGraw, Brian Chess, Sammy Migues, Elizabeth Nichols
- May 12, 2010
- Gary McGraw and colleagues discuss the latest iteration of the Building Security In Maturity Model, BSIMM2.
|
- Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity
-
By
Gary McGraw
- Mar 26, 2010
- Security expert Gary McGraw explains why the rush to upgrade our power grid may lead to security vulnerabilities in critical infrastructure.
|
- Software [In]security: What Works in Software Security
-
By
Gary McGraw, Brian Chess, Sammy Migues
- Feb 26, 2010
- 15 of the 110 activities in the BSIMM are very commonly observed. Gary McGraw, Brian Chess, and Sammy Migues list and explain these activities.
|
- Software [In]security: Cargo Cult Computer Security
-
By
Gary McGraw
- Jan 28, 2010
- Gary McGraw argues that the time is right to turn to real science to combat the "Cargo Cult" mentality of the software security field.
|
- Software [In]security: You Really Need a Software Security Group
-
By
Gary McGraw
- Dec 21, 2009
- Gary McGraw explains why having a software security group is necessary for a software security initiative.
|
- Software [In]security: BSIMM Europe
-
By
Gary McGraw, David Harper, Matias Madou, Florence Mottay
- Nov 10, 2009
- Security expert Gary McGraw and team introduce BSIMM Europe and compare some of its initial results to the original BSIMM data.
|
- Software [In]security: Startup Lessons
-
By
Gary McGraw
- Oct 22, 2009
- Gary McGraw discusses the seven lessons he's learned through his startup years at Cigital.
|
- Software [In]security: BSIMM Begin
-
By
Gary McGraw, Sammy Migues
- Sep 24, 2009
- Gary McGraw introduces BSIMM Begin, a Web-based study focused on 40 of the 110 activities covered in the full Building Security In Maturity Model.
|
- Software [In]security: Attack Categories and History Prediction
-
By
Gary McGraw
- Aug 25, 2009
- Software security expert Gary McGraw describes how to divide attacks into four categories — and predict the attacks of tomorrow.
|
- Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
-
By
Gary McGraw
- Jul 16, 2009
- Gary McGraw discusses how the current U.S. administration needs to make some important progress on cybersecurity rather than simply offering more platitudes.
|
- Software [In]security: Measuring Software Security
-
By
Gary McGraw, Jim Routh
- Jun 18, 2009
- Gary McGraw and Jim Routh describe the value positioning of a successful software security initiative instituted at a large financial services firm.
|
- Software [In]security: Software Security Comes of Age
-
By
Gary McGraw
- Apr 16, 2009
- Gary McGraw details the continued growth of the software security industry, even in the face of worldwide recession.
|
- Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM
-
By
Gary McGraw, Brian Chess, Sammy Migues
- Feb 9, 2009
- Examine the nine common software security activities that make up the Building Security In Maturity Model (BSIMM).
|
- Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
-
By
Gary McGraw
- Jan 13, 2009
- Gary McGraw explains why there’s more to software security than watching the bug parade march by.
|
- Software [In]security: Software Security Top 10 Surprises
-
By
Gary McGraw, Brian Chess, Sammy Migues
- Dec 15, 2008
- In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.
|
- Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
-
By
Gary McGraw, Brian Chess
- Oct 15, 2008
- Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.
|
- Software [In]security: Paying for Secure Software
-
By
Gary McGraw
- Apr 7, 2008
- Gary McGraw kicks off his new monthly column by showing how the added costs of developing secure software can be more than offset by lower TCO down the road.
|
- The Role of Architectural Risk Analysis in Software Security
-
By
Gary McGraw
- Mar 3, 2006
- Design flaws account for 50% of security problems. You can’t find design defects by staring at code—a higher-level understanding is required. That’s why architectural risk analysis plays an essential role in any solid software security program. Find out more about architectural risk analysis in this sample chapter.
|
- Open Source Tools for Security Testing
-
By
Michael Kelly
- Sep 16, 2005
- Michael Kelly reports on handy security uses for four open source tools: WebGoat, Firefox Web Developer, WebScarab, and Ethereal. By combining the tools in easy ways, testers can track down and close the gaping security holes that are often left in applications.
|