Software Security

124 Items

Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
Jul 16, 2009
Gary McGraw discusses how the current U.S. administration needs to make some important progress on cybersecurity rather than simply offering more platitudes.
Software [In]security: Measuring Software Security
Jun 18, 2009
Gary McGraw and Jim Routh describe the value positioning of a successful software security initiative instituted at a large financial services firm.
Information Security Bookshelf, Part 2 (2009 Edition)
May 18, 2009
Ed Tittel compiles a collection of pointers to useful and informative books on information security, part 2 of 2.
Information Security Bookshelf, Part 1 (2009 Edition)
May 8, 2009
Ed Tittel compiles a collection of pointers to useful and informative books on information security.
Software [In]security: Software Security Comes of Age
Apr 16, 2009
Gary McGraw details the continued growth of the software security industry, even in the face of worldwide recession.
Chained Exploits: Discover What Your Boss Is Looking At
Apr 10, 2009
Learn how to spy on your boss' net surfing habits — and protect yourself and your network from similar exploits.
Software [In]security: The Building Security In Maturity Model (BSIMM)
Mar 16, 2009
The creators of the Building Security In Maturity Model describe the benefits of using it as a yardstick for measuring your own software security initiative.
Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM
Feb 9, 2009
Examine the nine common software security activities that make up the Building Security In Maturity Model (BSIMM).
Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
Jan 13, 2009
Gary McGraw explains why there’s more to software security than watching the bug parade march by.
Robert Seacord on the CERT C Secure Coding Standard
Dec 15, 2008
Robert C. Seacord and David Chisnall discuss the CERT C Secure Coding standard, developing C standards, and the future of the language and its offshoots.
Software [In]security: Software Security Top 10 Surprises
Dec 15, 2008
In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.
Software [In]security: Web Applications and Software Security
Nov 14, 2008
Gary McGraw argues that by understanding the relationship between Web application security and traditional software security, we can better understand security issues on both fronts.
Writing Insecure C, Part 3
Oct 24, 2008
David Chisnall concludes his series on insecure C code with a discussion of strings, along with some of the more advanced problems that people encounter with C.
Writing Insecure C, Part 2
Oct 17, 2008
Continuing his series on insecure C, David Chisnall points out some problems arising from handling of integers and memory in C.
Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
Oct 15, 2008
Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.
Writing Insecure C, Part 1
Oct 10, 2008
David Chisnall takes a look at some of the pitfalls involved in writing secure code in C, with a guided tour of insecure code.
Software [In]security: Getting Past the Bug Parade
Sep 17, 2008
Gary McGraw explains why more attention should be paid to finding software flaws through the use of threat modeling and architectural risk analysis.
No Time to Patch
Sep 5, 2008
Randy Nash discusses the problems of exploits and malicious code and offers some suggestions to reduce the time to patch these vulnerabilities.
Software [In]security: Software Security Demand Rising
Aug 11, 2008
Gary McGraw breaks down the numbers from 2007, showing that software security is making headway in the enterprise even against economic headwinds.
Perception of Security Risk: Fear, Uncertainty, and Doubt
Jul 28, 2008
Why do so many security product vendors use it as part of the sales pitch? As Randy Nash explains, because it works.