Software Integrity Blog

Archive for the 'Maturity Model (BSIMM)' Category

Securing software development: NIST joins the parade

The NIST Secure Software Development Framework (SSDF) is the latest standard aimed at improving software security. Can its novel approach help it succeed?

Posted in Maturity Model (BSIMM)

It’s not just you they’re after—it’s your supply chain too

Supply chain attacks are not new. But as the supply chain grows longer and more complex, the attacks are evolving to keep up. Is your supply chain secure?

Posted in Maturity Model (BSIMM)

What happens when your CISO has one of those days?

A CISO having a bad day finds out the hard way that cutting corners on software security testing might end up costing him more than he saved.

Posted in Cloud Security, Interactive Application Security Testing (IAST), Maturity Model (BSIMM), Mobile Application Security, Open Source Security, Security Training, Software Architecture and Design, Software Composition Analysis

More medical mega-breaches thanks to third-party insecurity

The AMCA breach hammers home the need for supply chain security. Here’s how to vet your vendors so you can keep from becoming the next Quest or LabCorp.

Posted in Data Breach, Healthcare Security, Maturity Model (BSIMM)

[Webinars] Software security metrics and open source security

Learn how to drive your software security initiative with metrics, and get practical advice for open source security with Red Hat, in our new webinars.

Posted in Maturity Model (BSIMM), Open Source Security, Webinars

Experts talk application security at RSA

We asked a couple of AppSec experts and BSIMM participants about 2019 application security trends, challenges, obstacles, and solutions. Here’s what they said.

Posted in Maturity Model (BSIMM)

The hidden costs and risks of free puppies (and open source)

SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.

Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM), Open Source Security, Software Composition Analysis

From mainframes to connected cars: How software drives the automotive industry

The automotive industry runs on software, but more software means a larger attack surface. Vehicle safety starts with automotive software security.

Posted in Automotive Security, Maturity Model (BSIMM), Software Architecture and Design

Retail joins the BSIMM—finally

This year’s BSIMM newcomer is retail. The concept of retail software security isn’t new, so why is retail late to the BSIMM party? We’ve got some theories.

Posted in Maturity Model (BSIMM)

Automation: One of the keys to DevSecOps

The benefits of automation in DevSecOps are clear: streamlined, collaborative development, security, and operation. But how do you go about doing it?

Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM)