Software Integrity

Archive for July 2014

 

Security is front and center for developers

Given the recent number of high-profile vulnerabilities like Heartbleed, many organizations are taking a critical look at their application security programs to determine whether what they are doing is enough. The reality is that many firms stick with traditional security practices that are incapable of finding deeper or more complex issues. A fundamental way organizations can improve their […]


Posted in Security Training, Software Security Program Development

 

Associating security responsibilities within development frameworks

Practicing software security builds on knowledge of tools, techniques, and technologies. I consistently harp on the importance of understanding development frameworks. These frameworks provide a foundation for technology knowledge. Instructors must speak developers’ language when training; frameworks form the vernacular. When assessing software, one needs to know where in the haystack to look for […]


Posted in Maturity Model (BSIMM), Software Security Program Development, Software Security Testing, Threat Modeling