Software Integrity Blog

Archive for the 'Software Security Initiative (SSI)' Category


The BSIMM helps organizations mature software security

How does your software security initiative stack up against the best? Against others in your market? Against your own goals? A Building Security In Maturity Model (BSIMM) assessment can answer these questions. Whether you call it a software security initiative (SSI), application security program, product security process, or something else, it’s a business necessity to […]


Posted in Maturity Model (BSIMM), Software Security Initiative (SSI)


Checklist: Kick off your software integrity program with a bang

We are coming up on fall here in the States, and for most of us, that means two big types of kickoffs are happening: new business initiatives and football. Budgets tend to land around the same time as football season, so if you want to enjoy your Sunday kickoffs, follow this list of four impactful […]


Posted in Software Security Initiative (SSI)


Survey finds organizations better prepared for cyber security threats

In a survey conducted by Synopsys at this year’s Infosecurity (InfoSec) Europe, almost half of participants said their organizations had not experienced a cyber attack within the last two years. Most attendees surveyed said their organizations had either an internal or external software security group or a combination of both. And the majority indicated their […]


Posted in Software Security Initiative (SSI), Webinars


How can you tell if your software security strategy is working?

Let’s say you tested 46 web applications, 19 mobile apps, and 20 client-server apps this year alone. You also purchased a new application security testing tool in the process. You found 112 vulnerabilities and, all in all, you’re feeling pretty good. But before you get too excited, ask yourself a few questions: Did you reduce risk significantly? […]


Posted in Security Standards and Compliance, Security Training, Software Security Initiative (SSI)


How to mitigate third-party security risks

Third-party products and services are an integral part of business operations. Organizations depend heavily on optimizing their solutions by reducing costs, which creates the need for external expertise. Third-party organizations promise timely delivery of products and services, meeting compliance requirements, and optimizing the organization’s overall business performance. Reasons for bringing in a third party […]


Posted in Maturity Model (BSIMM), Software Architecture and Design, Software Security Initiative (SSI)


Moving beyond ‘moving left’: The case for developer enablement

Originally posted on SecurityWeek. For far too long, software security has consisted of a curious bifurcation of roles: developers develop, and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new […]


Posted in Security Training, Software Security Initiative (SSI), Static Analysis (SAST)


Gary McGraw’s Shmoocon keynote recaps security career with advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghessan Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over his more than 21 years in software security. It also reflects his many interests. Watch the […]


Posted in Security Training, Software Architecture and Design, Software Security Initiative (SSI), Webinars


Make a new year’s resolution to get serious about software security

Originally posted on SecurityWeek. The beginning of any new year is a time for examination and setting new goals and objectives. Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security. Resolutions are nice, but if you are […]


Posted in Software Security Initiative (SSI)


If you’re only as strong as your allies, should you trust third-party code?

Originally posted on SecurityWeek. Doing business is a highly interactive endeavor, and software is increasingly at the heart of those interactions. Agility becomes a key component of staying competitive, so organizations are seeking allies to help them obtain the software they need to stay in the race. Notice I said “obtain” rather than “build” or […]


Posted in Open Source Security, Software Security Initiative (SSI)


Get executive support for your software security journey

According to Osterman Research, 60% of IT and security leaders say that the information they provide on cyber risk is NOT actionable. To add to that alarming finding, SearchSecurity reports that 12% of CISOs include NO metrics in their reports to senior executives. Software security is one of many competing priorities demanding the attention of […]


Posted in Software Security Initiative (SSI)