Home > Articles > Security > Software Security

Software Security

RSS Feed Subscribe to this topic  RSS details

124 Items

Sort by Date | Title

Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
Jul 16, 2009
Gary McGraw discusses how the current U.S. administration needs to make some important progress on cybersecurity rather than simply offering more platitudes.
Software [In]security: Measuring Software Security
Jun 18, 2009
Gary McGraw and Jim Routh describe the value positioning of a successful software security initiative instituted at a large financial services firm.
Information Security Bookshelf, Part 2 (2009 Edition)
May 18, 2009
Ed Tittel compiles a collection of pointers to useful and informative books on information security, part 2 of 2.
Information Security Bookshelf, Part 1 (2009 Edition)
May 8, 2009
Ed Tittel compiles a collection of pointers to useful and informative books on information security.
Software [In]security: Software Security Comes of Age
Apr 16, 2009
Gary McGraw details the continued growth of the software security industry, even in the face of worldwide recession.
Chained Exploits: Discover What Your Boss Is Looking At
Apr 10, 2009
Learn how to spy on your boss' net surfing habits — and protect yourself and your network from similar exploits.
Software [In]security: The Building Security In Maturity Model (BSIMM)
Mar 16, 2009
The creators of the Building Security In Maturity Model describe the benefits of using it as a yardstick for measuring your own software security initiative.
Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM
Feb 9, 2009
Examine the nine common software security activities that make up the Building Security In Maturity Model (BSIMM).
Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
Jan 13, 2009
Gary McGraw explains why there’s more to software security than watching the bug parade march by.
Robert Seacord on the CERT C Secure Coding Standard
Dec 15, 2008
Robert C. Seacord and David Chisnall discuss the CERT C Secure Coding standard, developing C standards, and the future of the language and its offshoots.
Software [In]security: Software Security Top 10 Surprises
Dec 15, 2008
In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.
Software [In]security: Web Applications and Software Security
Nov 14, 2008
Gary McGraw argues that by understanding the relationship between Web application security and traditional software security, we can better understand security issues on both fronts.
Writing Insecure C, Part 3
Oct 24, 2008
David Chisnall concludes his series on insecure C code with a discussion of strings, along with some of the more advanced problems that people encounter with C.
Writing Insecure C, Part 2
Oct 17, 2008
Continuing his series on insecure C, David Chisnall points out some problems arising from handling of integers and memory in C.
Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
Oct 15, 2008
Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.
Writing Insecure C, Part 1
Oct 10, 2008
David Chisnall takes a look at some of the pitfalls involved in writing secure code in C, with a guided tour of insecure code.
Software [In]security: Getting Past the Bug Parade
Sep 17, 2008
Gary McGraw explains why more attention should be paid to finding software flaws through the use of threat modeling and architectural risk analysis.
No Time to Patch
Sep 5, 2008
Randy Nash discusses the problems of exploits and malicious code and offers some suggestions to reduce the time to patch these vulnerabilities.
Software [In]security: Software Security Demand Rising
Aug 11, 2008
Gary McGraw breaks down the numbers from 2007, showing that software security is making headway in the enterprise even against economic headwinds.
Perception of Security Risk: Fear, Uncertainty, and Doubt
Jul 28, 2008
Why do so many security product vendors use it as part of the sales pitch? As Randy Nash explains, because it works.

<< < Prev Page 1 2 3 4 5 Next >