Software Security

39 Items

Sort by Date | Title

Software [In]security: BSIMM2 By Gary McGraw, Brian Chess, Sammy Migues, Elizabeth Nichols May 12, 2010 Gary McGraw and colleagues discuss the latest iteration of the Building Security In Maturity Model, BSIMM2.

Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity By Gary McGraw Mar 26, 2010 Security expert Gary McGraw explains why the rush to upgrade our power grid may lead to security vulnerabilities in critical infrastructure.

Software [In]security: What Works in Software Security By Gary McGraw, Brian Chess, Sammy Migues Feb 26, 2010 15 of the 110 activities in the BSIMM are very commonly observed. Gary McGraw, Brian Chess, and Sammy Migues list and explain these activities.

Software [In]security: Cargo Cult Computer Security By Gary McGraw Jan 28, 2010 Gary McGraw argues that the time is right to turn to real science to combat the "Cargo Cult" mentality of the software security field.

Software [In]security: You Really Need a Software Security Group By Gary McGraw Dec 21, 2009 Gary McGraw explains why having a software security group is necessary for a software security initiative.

Software [In]security: BSIMM Europe By Gary McGraw, David Harper, Matias Madou, Florence Mottay Nov 10, 2009 Security expert Gary McGraw and team introduce BSIMM Europe and compare some of its initial results to the original BSIMM data.

Software [In]security: Startup Lessons By Gary McGraw Oct 22, 2009 Gary McGraw discusses the seven lessons he's learned through his startup years at Cigital.

Software [In]security: BSIMM Begin By Gary McGraw, Sammy Migues Sep 24, 2009 Gary McGraw introduces BSIMM Begin, a Web-based study focused on 40 of the 110 activities covered in the full Building Security In Maturity Model.

Software [In]security: Attack Categories and History Prediction By Gary McGraw Aug 25, 2009 Software security expert Gary McGraw describes how to divide attacks into four categories — and predict the attacks of tomorrow.

Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes By Gary McGraw Jul 16, 2009 Gary McGraw discusses how the current U.S. administration needs to make some important progress on cybersecurity rather than simply offering more platitudes.

Software [In]security: Measuring Software Security By Gary McGraw, Jim Routh Jun 18, 2009 Gary McGraw and Jim Routh describe the value positioning of a successful software security initiative instituted at a large financial services firm.

Software [In]security: Software Security Comes of Age By Gary McGraw Apr 16, 2009 Gary McGraw details the continued growth of the software security industry, even in the face of worldwide recession.

Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM By Gary McGraw, Brian Chess, Sammy Migues Feb 9, 2009 Examine the nine common software security activities that make up the Building Security In Maturity Model (BSIMM).

Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work By Gary McGraw Jan 13, 2009 Gary McGraw explains why there’s more to software security than watching the bug parade march by.

Software [In]security: Software Security Top 10 Surprises By Gary McGraw, Brian Chess, Sammy Migues Dec 15, 2008 In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.

Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model By Gary McGraw, Brian Chess Oct 15, 2008 Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.

Software [In]security: Paying for Secure Software By Gary McGraw Apr 7, 2008 Gary McGraw kicks off his new monthly column by showing how the added costs of developing secure software can be more than offset by lower TCO down the road.

The Role of Architectural Risk Analysis in Software Security By Gary McGraw Mar 3, 2006 Design flaws account for 50% of security problems. You can’t find design defects by staring at code—a higher-level understanding is required. That’s why architectural risk analysis plays an essential role in any solid software security program. Find out more about architectural risk analysis in this sample chapter.

Open Source Tools for Security Testing By Michael Kelly Sep 16, 2005 Michael Kelly reports on handy security uses for four open source tools: WebGoat, Firefox Web Developer, WebScarab, and Ethereal. By combining the tools in easy ways, testers can track down and close the gaping security holes that are often left in applications.

< Prev Page 1 2