The NIST Secure Software Development Framework (SSDF) is the latest standard aimed at improving software security. Can its novel approach help it succeed?
Posted in Maturity Model (BSIMM) | Comments Off on Securing software development: NIST joins the parade
Supply chain attacks are not new. But as the supply chain grows longer and more complex, the attacks are evolving to keep up. Is your supply chain secure?
Posted in Maturity Model (BSIMM) | Comments Off on It’s not just you they’re after—it’s your supply chain too
A CISO having a bad day finds out the hard way that cutting corners on software security testing might end up costing him more than he saved.
Posted in Cloud Security, Interactive Application Security Testing (IAST), Maturity Model (BSIMM), Mobile Application Security, Open Source Security, Security Training, Software Architecture and Design, Software Composition Analysis | Comments Off on What happens when your CISO has one of those days?
The AMCA breach hammers home the need for supply chain security. Here’s how to vet your vendors so you can keep from becoming the next Quest or LabCorp.
Posted in Data Breach, Healthcare Security, Maturity Model (BSIMM) | Comments Off on More medical mega-breaches thanks to third-party insecurity
Learn how to drive your software security initiative with metrics, and get practical advice for open source security with Red Hat, in our new webinars.
Posted in Maturity Model (BSIMM), Open Source Security, Webinars | Comments Off on [Webinars] Software security metrics and open source security
We asked a couple of AppSec experts and BSIMM participants about 2019 application security trends, challenges, obstacles, and solutions. Here’s what they said.
Posted in Maturity Model (BSIMM) | Comments Off on Experts talk application security at RSA
SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.
Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM), Open Source Security, Software Composition Analysis | Comments Off on The hidden costs and risks of free puppies (and open source)
The automotive industry runs on software—but increased software increases the attack surface. Vehicle safety starts with automotive software security.
Posted in Automotive Security, Maturity Model (BSIMM), Software Architecture and Design | Comments Off on From mainframes to connected cars: How software drives the automotive industry
This year’s BSIMM newcomer is retail. The concept of retail software security isn’t new, so why is retail late to the BSIMM party? We’ve got some theories.
Posted in Maturity Model (BSIMM) | Comments Off on Retail joins the BSIMM—finally
The benefits of automation in DevSecOps are clear: streamlined, collaborative development, security, and operation. But how do you go about doing it?
Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM) | Comments Off on Automation: One of the keys to DevSecOps