Software Integrity Blog

Author Archive

Kevin Nassery

knassery

Kevin Nassery is a managing principal at Synopsys. With over 18 years of experience building and breaking information systems, he specializes in software security program design, infrastructure security, security architecture, denial of service issues, and penetration testing. Kevin holds a Master's from Depaul University where his focus was on network protocol design and security. He has maintained his CISSP since 2002.


Posts by Kevin Nassery:

 

Vulnerability management: Designing severity risk ranking systems

One of the first challenges most security teams tackle is defect discovery. Soon afterwards, the bugs start piling up. I often work with organizations struggling to consistently risk rank issues into severity categories. There are many factors to consider in this process, not to mention the amount of brain power going into devising the perfect severity system.

Continue Reading...

Posted in Software Architecture & Design | Comments Off on Vulnerability management: Designing severity risk ranking systems

 

Identifying and resolving software vulnerabilities: A balancing act

Leading a software security group (SSG) is a balancing act. Most decisions come down to how to apply an extremely limited amount of resources to what seems like an insurmountable problem. To give you an example, a question I have been asked in past roles, and continue to hear from clients today is: “Is it better to go looking for new vulnerabilities or to fix the ones we already know about?” In other words, how should priorities line up between the remediation of issues and the expansion and management of defect discovery?

Continue Reading...

Posted in Uncategorized | Comments Off on Identifying and resolving software vulnerabilities: A balancing act