- Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
- Jul 16, 2009
- Gary McGraw discusses how the current U.S. administration needs to make some important progress on cybersecurity rather than simply offering more platitudes.
|
- Software [In]security: Measuring Software Security
- Jun 18, 2009
- Gary McGraw and Jim Routh describe the value positioning of a successful software security initiative instituted at a large financial services firm.
|
- Information Security Bookshelf, Part 2 (2009 Edition)
- May 18, 2009
- Ed Tittel compiles a collection of pointers to useful and informative books on information security, part 2 of 2.
|
- Information Security Bookshelf, Part 1 (2009 Edition)
- May 8, 2009
- Ed Tittel compiles a collection of pointers to useful and informative books on information security.
|
- Software [In]security: Software Security Comes of Age
- Apr 16, 2009
- Gary McGraw details the continued growth of the software security industry, even in the face of worldwide recession.
|
- Chained Exploits: Discover What Your Boss Is Looking At
- Apr 10, 2009
- Learn how to spy on your boss' net surfing habits — and protect yourself and your network from similar exploits.
|
- Software [In]security: The Building Security In Maturity Model (BSIMM)
- Mar 16, 2009
- The creators of the Building Security In Maturity Model describe the benefits of using it as a yardstick for measuring your own software security initiative.
|
- Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM
- Feb 9, 2009
- Examine the nine common software security activities that make up the Building Security In Maturity Model (BSIMM).
|
- Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
- Jan 13, 2009
- Gary McGraw explains why there’s more to software security than watching the bug parade march by.
|
- Robert Seacord on the CERT C Secure Coding Standard
- Dec 15, 2008
- Robert C. Seacord and David Chisnall discuss the CERT C Secure Coding standard, developing C standards, and the future of the language and its offshoots.
|
- Software [In]security: Software Security Top 10 Surprises
- Dec 15, 2008
- In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.
|
- Software [In]security: Web Applications and Software Security
- Nov 14, 2008
- Gary McGraw argues that by understanding the relationship between Web application security and traditional software security, we can better understand security issues on both fronts.
|
- Writing Insecure C, Part 3
- Oct 24, 2008
- David Chisnall concludes his series on insecure C code with a discussion of strings, along with some of the more advanced problems that people encounter with C.
|
- Writing Insecure C, Part 2
- Oct 17, 2008
- Continuing his series on insecure C, David Chisnall points out some problems arising from handling of integers and memory in C.
|
- Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
- Oct 15, 2008
- Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.
|
- Writing Insecure C, Part 1
- Oct 10, 2008
- David Chisnall takes a look at some of the pitfalls involved in writing secure code in C, with a guided tour of insecure code.
|
- Software [In]security: Getting Past the Bug Parade
- Sep 17, 2008
- Gary McGraw explains why more attention should be paid to finding software flaws through the use of threat modeling and architectural risk analysis.
|
- No Time to Patch
- Sep 5, 2008
- Randy Nash discusses the problems of exploits and malicious code and offers some suggestions to reduce the time to patch these vulnerabilities.
|
- Software [In]security: Software Security Demand Rising
- Aug 11, 2008
- Gary McGraw breaks down the numbers from 2007, showing that software security is making headway in the enterprise even against economic headwinds.
|
- Perception of Security Risk: Fear, Uncertainty, and Doubt
- Jul 28, 2008
- Why do so many security product vendors use it as part of the sales pitch? As Randy Nash explains, because it works.
|