Software Security

Software [In]security: BSIMM2
By Gary McGraw, Brian Chess, Sammy Migues, Elizabeth Nichols
May 12, 2010
Gary McGraw and colleagues discuss the latest iteration of the Building Security In Maturity Model, BSIMM2.

Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity
By Gary McGraw
Mar 26, 2010
Security expert Gary McGraw explains why the rush to upgrade our power grid may lead to security vulnerabilities in critical infrastructure.

Software [In]security: What Works in Software Security
By Gary McGraw, Brian Chess, Sammy Migues
Feb 26, 2010
15 of the 110 activities in the BSIMM are very commonly observed. Gary McGraw, Brian Chess, and Sammy Migues list and explain these activities.

Software [In]security: Cargo Cult Computer Security
By Gary McGraw
Jan 28, 2010
Gary McGraw argues that the time is right to turn to real science to combat the "Cargo Cult" mentality of the software security field.

Software [In]security: You Really Need a Software Security Group
By Gary McGraw
Dec 21, 2009
Gary McGraw explains why having a software security group is necessary for a software security initiative.

Software [In]security: BSIMM Europe
By Gary McGraw, David Harper, Matias Madou, Florence Mottay
Nov 10, 2009
Security expert Gary McGraw and team introduce BSIMM Europe and compare some of its initial results to the original BSIMM data.

Software [In]security: Startup Lessons
By Gary McGraw
Oct 22, 2009
Gary McGraw discusses the seven lessons he's learned through his startup years at Cigital.

Software [In]security: BSIMM Begin
By Gary McGraw, Sammy Migues
Sep 24, 2009
Gary McGraw introduces BSIMM Begin, a Web-based study focused on 40 of the 110 activities covered in the full Building Security In Maturity Model.

Software [In]security: Attack Categories and History Prediction
By Gary McGraw
Aug 25, 2009
Software security expert Gary McGraw describes how to divide attacks into four categories — and predict the attacks of tomorrow.

Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
By Gary McGraw
Jul 16, 2009
Gary McGraw discusses how the current U.S. administration needs to make some important progress on cybersecurity rather than simply offering more platitudes.

Software [In]security: Measuring Software Security
By Gary McGraw, Jim Routh
Jun 18, 2009
Gary McGraw and Jim Routh describe the value positioning of a successful software security initiative instituted at a large financial services firm.

Software [In]security: Software Security Comes of Age
By Gary McGraw
Apr 16, 2009
Gary McGraw details the continued growth of the software security industry, even in the face of worldwide recession.

Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM
By Gary McGraw, Brian Chess, Sammy Migues
Feb 9, 2009
Examine the nine common software security activities that make up the Building Security In Maturity Model (BSIMM).

Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
By Gary McGraw
Jan 13, 2009
Gary McGraw explains why there’s more to software security than watching the bug parade march by.

Software [In]security: Software Security Top 10 Surprises
By Gary McGraw, Brian Chess, Sammy Migues
Dec 15, 2008
In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.

Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
By Gary McGraw, Brian Chess
Oct 15, 2008
Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.

Software [In]security: Paying for Secure Software
By Gary McGraw
Apr 7, 2008
Gary McGraw kicks off his new monthly column by showing how the added costs of developing secure software can be more than offset by lower TCO down the road.

The Role of Architectural Risk Analysis in Software Security
By Gary McGraw
Mar 3, 2006
Design flaws account for 50% of security problems. You can’t find design defects by staring at code—a higher-level understanding is required. That’s why architectural risk analysis plays an essential role in any solid software security program. Find out more about architectural risk analysis in this sample chapter.

Open Source Tools for Security Testing
By Michael Kelly
Sep 16, 2005
Michael Kelly reports on handy security uses for four open source tools: WebGoat, Firefox Web Developer, WebScarab, and Ethereal. By combining the tools in easy ways, testers can track down and close the gaping security holes that are often left in applications.