Software Integrity Blog

Archive for the 'Financial Services Security' Category


Is it time for Enterprise IT to declare defeat in the cyber security war?

How can business leaders guarantee that they won’t be the next headline security breach? How should companies even start to address software security? Watch the HP Discover Performance Weekly video featuring Cigital CTO, Dr. Gary McGraw, to find out.

Posted in Archive, Financial Services Security, Web Application Security


Insight into scaling automated code review

Nearly every organization tackling software security today is working on automating code review. However, the challenge most firms are running into now is how to scale this process with industrial-strength static analysis code review tools like HP Fortify, IBM AppScan, and Coverity. The latest SearchSecurity article from Gary McGraw, Synopsys, and Jim Routh, CISO, Global […]

Posted in Agile, CI/CD & DevOps, Financial Services Security, Static Analysis (SAST)


FS-ISAC recommended controls for addressing third-party software security

All businesses depend on software; some software is developed internally while the rest comes from third-party software service providers and commercial off-the-shelf software (COTS) vendors. While organizations can hope the software from third parties is built securely, hope isn’t a viable security strategy—which means firms need to develop an effective third-party security strategy to reduce […]

Posted in Financial Services Security, Software Security Initiative (SSI)


Automate security tests and build security in from day one

Or: The ugly baby phenomenon and why you should not focus on false positives

Dr. Markus Schumacher has served as CEO and Co-Founder of Virtual Forge GmbH since 2006. The company specializes in the security of SAP applications. Dr. Schumacher was previously a representative of the Fraunhofer Institute for Secure Information Technology (SIT) and worked […]

Posted in Financial Services Security, Maturity Model (BSIMM)