Software Integrity

Archive for September 2015

Building security into the SDLC without impacting velocity

Building security into the software development life cycle (SDLC) has become a common practice in many organizations. While security activities reduce security risks and implement compliance-focused requirements within software, they also require time and effort. Development teams are very feature and delivery driven. Requiring additional time and effort makes security activities a low priority, if even in consideration […]

Posted in CI/CD, Security Architecture, Software Development Life Cycle (SDLC)

Adding security steps to your Agile development process

You can build security into your waterfall software development life cycle (SDLC) when you have days or weeks to dot your i’s and cross your t’s. Don’t have time for that? Well then, Agile is the expeditious methodology when adding security considerations into your SDLC. What do you do when you’re engineering at high speeds? How […]

Posted in Agile Methodology, Software Development Life Cycle (SDLC)

Benefits of code scanning for code review

“All software projects are guaranteed to have one artifact in common – source code. Because of this guarantee, it makes sense to center a software assurance activity around code itself.” – Gary McGraw, Software Security: Building Security In

When an author sits down to write today, they have great tools available to automatically check their spelling […]

Posted in Code Review, Software Security Testing, Static Analysis (SAST)

Developers targeted in Apple’s iOS malware attack

Apple is currently taking measures to eradicate hundreds (potentially thousands) of malicious apps recently discovered in the iOS App Store. It has come to light that hackers distributed a modified version of Apple’s developer toolkit, Xcode, which embedded malware known as XcodeGhost into iOS apps as they were being compiled. While developers know they shouldn’t […]

Posted in Mobile Application Security, Software Development Life Cycle (SDLC), Software Security Program Development, Software Security Testing

Agile methodology and application security: A promising pair

Agile and application security are often spoken of together as oil and water, but are they really? Agile software development happens fast. The high frequency of iterations and releases often translates to wildly dynamic application build structures, with new components/modules added regularly throughout the software development life cycle (SDLC). This iterative approach enables teams to […]

Posted in Agile Methodology, Application Security, Dynamic Analysis (DAST), Penetration Testing, Software Development Life Cycle (SDLC), Static Analysis (SAST), Threat Modeling

How to scale a software security initiative: Lessons from the BSIMM

The approach needed for scaling a software security initiative (SSI) varies from industry to industry and from business to business, right? That’s one of the questions explored by the Building Security In Maturity Model (BSIMM). But, why now? Computers and software have been around for decades. Why have software security topics, especially that of scalability, […]

Posted in Maturity Model (BSIMM), Software Security Program Development

Why the FTC’s software security stance matters to your business

The facts

The U.S. Circuit Court of Appeals recently ruled that the Federal Trade Commission (FTC) has the authority to regulate aspects of corporate cyber security and may penalize those who fail to properly safeguard customer information. Some background is in order. For a number of years, the FTC has been making waves in cyber […]

Posted in Security Standards and Compliance

5 ways to pay your technical debt back

Benjamin Franklin once said there were only two things certain in life: death and taxes—unless you’re responsible for information security, of course. In that case, you can add a third, technical debt. However, instead of discussing the general concept of technical debt, let’s talk about: The three areas you incur debt The five ways you […]

Posted in Software Development Life Cycle (SDLC), Software Security Testing

SecureAssist helps developers build security into any software development life cycle

The issue

The primary goal of a software developer is to get through the edit, compile, debug workflow as efficiently as possible, ensuring that software is working correctly and is delivered on time. As a result, security isn’t a developer’s top priority. While businesses don’t want to release defective or insecure software, many don’t have […]

Posted in Dynamic Analysis (DAST), Software Development Life Cycle (SDLC), Software Security Testing, Static Analysis (SAST), Vulnerability Assessment

Understanding software risk is as simple as changing a flat tire

There are a lot of terms and techniques for dealing with risk and we use them regularly in software security. Risk is a vector with two components: impact and likelihood. Impact is the bad stuff that is going to happen to us if the risk is realized. Likelihood is a (frequently subjective) notion of how […]

Posted in Security Risk Assessment