Software Integrity Blog

Author Archive

Sammy Migues

Sammy Migues is a principal scientist at Synopsys. He is an information security visionary with a proven record of entrepreneurial innovation, intellectual capital development, practical business solutions, and performance optimization. Sammy is a respected thought-leader in software security initiatives and related application security programs, asserting, “I still know what I’m talking about. Really.” Sammy spends his free time in pursuit of more knowledge, so you can be assured he does.


Posts by Sammy Migues:

Risk ranking your applications: A method to the madness

You likely have a diverse mix of applications within your organization.

Posted in Software Architecture & Design


Building meaningful security metrics

Many people in various security disciplines are looking to metrics as a way to demonstrate the efficacy of their efforts and show continuous process improvement. Unfortunately, poorly constructed metrics usually create more confusion than insight. If I told you that testing discovered nine critical vulnerabilities last month, what knowledge have I imparted? Does it clarify improvement from last month/last year? Does it imply that you are testing more broadly across your portfolio to eliminate detection gaps? Does it mean you simply changed the definition for “critical”?
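As an added example (not code from the original post): the script below takes the "nine critical vulnerabilities last month" figure and reports it as a record that also carries test coverage and the severity-definition version in force, which is the context the questions above ask for. With that context, a change in the raw count can be read as a real trend, as broader testing, or as a re-definition of "critical". The portfolio, scan records and findings are constructed sample data, and the field and function names are this example's own.

```python
"""Coverage- and definition-aware vulnerability metric (added example).

A bare count of critical findings says nothing on its own. Each monthly
record below carries the denominator (applications tested out of the
portfolio) and the severity taxonomy version, so that month-over-month
comparison is only attempted when it is meaningful.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    month: str      # "YYYY-MM"
    app: str        # application identifier
    severity: str   # severity assigned under the taxonomy in force that month
    taxonomy: str   # version of the severity definitions used


# --- Constructed sample data (hypothetical), not from any real programme ---
PORTFOLIO = {f"app-{i}" for i in range(1, 9)}  # eight applications in scope

# Which applications were actually tested each month (the denominator).
TESTED = {
    "2024-03": {"app-1", "app-2", "app-3", "app-4"},   # half the portfolio
    "2024-04": set(PORTFOLIO),                          # full coverage
    "2024-05": set(PORTFOLIO),                          # full coverage
}

# Severity-definition version in force each month ("v2" widens "critical").
TAXONOMY = {"2024-03": "v1", "2024-04": "v1", "2024-05": "v2"}

FINDINGS = [
    # 2024-03: 3 criticals across 4 tested apps
    Finding("2024-03", "app-1", "critical", "v1"),
    Finding("2024-03", "app-2", "critical", "v1"),
    Finding("2024-03", "app-3", "high", "v1"),
    Finding("2024-03", "app-4", "critical", "v1"),
    # 2024-04: 6 criticals across 8 tested apps (count doubled, density did not)
    Finding("2024-04", "app-1", "critical", "v1"),
    Finding("2024-04", "app-2", "critical", "v1"),
    Finding("2024-04", "app-3", "high", "v1"),
    Finding("2024-04", "app-4", "critical", "v1"),
    Finding("2024-04", "app-5", "critical", "v1"),
    Finding("2024-04", "app-6", "critical", "v1"),
    Finding("2024-04", "app-7", "critical", "v1"),
    Finding("2024-04", "app-8", "high", "v1"),
    # 2024-05: 9 criticals, but under a changed definition of "critical"
    Finding("2024-05", "app-1", "critical", "v2"),
    Finding("2024-05", "app-1", "critical", "v2"),
    Finding("2024-05", "app-2", "critical", "v2"),
    Finding("2024-05", "app-3", "critical", "v2"),
    Finding("2024-05", "app-4", "critical", "v2"),
    Finding("2024-05", "app-5", "critical", "v2"),
    Finding("2024-05", "app-6", "critical", "v2"),
    Finding("2024-05", "app-7", "critical", "v2"),
    Finding("2024-05", "app-8", "critical", "v2"),
]


def summarize(findings, tested, taxonomy, portfolio):
    """Build one metric record per month: the count plus its context."""
    by_month = defaultdict(list)
    for f in findings:
        # A finding on an untested app, or under the wrong taxonomy, is a data error.
        if f.app not in tested.get(f.month, set()):
            raise ValueError(f"{f.month}: finding on {f.app}, which was not tested")
        if f.taxonomy != taxonomy[f.month]:
            raise ValueError(f"{f.month}: finding uses taxonomy {f.taxonomy}, "
                             f"but {taxonomy[f.month]} was in force")
        by_month[f.month].append(f)

    rows = []
    for month in sorted(tested):
        apps_tested = len(tested[month])
        criticals = sum(1 for f in by_month.get(month, []) if f.severity == "critical")
        rows.append({
            "month": month,
            "taxonomy": taxonomy[month],
            "criticals": criticals,
            "apps_tested": apps_tested,
            "coverage": apps_tested / len(portfolio),
            "critical_density": criticals / apps_tested if apps_tested else 0.0,
        })
    return rows


def interpret(rows):
    """Label each month with what a change in the raw count can legitimately mean."""
    readings = [(rows[0]["month"], "baseline")] if rows else []
    for prev, cur in zip(rows, rows[1:]):
        if cur["taxonomy"] != prev["taxonomy"]:
            label = "not_comparable_definition_changed"
        elif cur["coverage"] != prev["coverage"]:
            # Coverage moved: compare per-app density, not the absolute count.
            flat = abs(cur["critical_density"] - prev["critical_density"]) < 1e-9
            label = "coverage_changed_density_flat" if flat else "coverage_changed_density_moved"
        else:
            delta = cur["criticals"] - prev["criticals"]
            label = "comparable_up" if delta > 0 else "comparable_down" if delta < 0 else "comparable_flat"
        readings.append((cur["month"], label))
    return readings


if __name__ == "__main__":
    rows = summarize(FINDINGS, TESTED, TAXONOMY, PORTFOLIO)
    for row, (_, reading) in zip(rows, interpret(rows)):
        print(f"{row['month']}: {row['criticals']} critical, coverage {row['coverage']:.0%}, "
              f"density {row['critical_density']:.2f}/app, taxonomy {row['taxonomy']} -> {reading}")
```

Run stand-alone, the script shows the count going 3, 6, 9 while the reading goes "baseline", "coverage changed, density flat", "definition changed, not comparable": the doubling in April is explained by testing twice as many applications, and the May figure cannot be compared with anything earlier until the findings are re-rated under one taxonomy.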

Posted in Application Security


The risk of too much risk management

IT controls. Corporate governance. Decision support. Right-sized spending (another phrase I thought I coined, but I see it gets three hits in Google). These are all part of the all-too-nebulous activity often referred to as data security risk management.

Posted in Software Security Program