Software Integrity

Archive for the 'Software Security Program Development' Category

Why do companies need a software security program?

The information technology sector is one of the world’s fastest growing industries. In fact, the rate at which software and software products are evolving is many times greater when compared to the rate at which software security is evolving. In an age of cybercrime, some of the most widespread cyber-based crimes include: Stealing information via […]

Posted in Application Security, Data Breach, Featured, Software Security Program Development

The BSIMM helps organizations mature software security

How does your software security initiative stack up against the best? Against others in your market? Against your own goals? A Building Security In Maturity Model (BSIMM) assessment can answer these questions. Whether you call it a software security initiative (SSI), application security program, product security process, or something else, it’s a business necessity to […]

Posted in Application Security, Featured, Maturity Model (BSIMM), Software Security Program Development, Software Security Testing

Checklist: Kick off your software integrity program with a bang

We are coming up on fall here in the States, and for most of us, that means two big types of kickoffs are happening: new business initiatives and football. Budgets tend to land around the same time as football season, so if you want to enjoy your Sunday kickoffs, follow this list of four impactful […]

Posted in Application Security, Software Quality, Software Security Program Development

Survey finds organizations better prepared for cyber security threats

In a survey conducted by Synopsys at this year’s Infosecurity (InfoSec) Europe, almost half of participants said their organizations had not experienced a cyber attack within the last two years. Most attendees surveyed said their organizations had either an internal or external software security group or a combination of both. And the majority indicated their […]

Posted in Application Security, Security Conference or Event, Software Security Program Development

How can you tell if your software security strategy is working?

Let’s say you tested 46 web applications, 19 mobile apps, and 20 client-server apps this year alone. You also purchased a new application security testing tool in the process. You found 112 vulnerabilities and all-in-all you’re feeling pretty good. But before you get too excited, ask yourself a few questions: Did you reduce risk significantly? […]

Posted in Application Security, Security Standards and Compliance, Security Training, Software Security Program Development

Moving beyond ‘moving left’: The case for developer enablement

Originally posted on SecurityWeek. For far too long software security has been comprised of a curious bifurcation of roles. Developers develop and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new […]

Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Program Development, Static Analysis (SAST)

Gary McGraw’s Shmoocon keynote recaps security career with advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghessan Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over McGraw’s more than 21 years in software security. It also reflects his many interests. Watch the […]

Posted in Security Conference or Event, Security Metrics, Security Training, Software Architecture and Design, Software Development Life Cycle (SDLC), Software Security Program Development

3 presentations you don’t want to miss at AppSec California 2017

The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]

Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling

Make a new year’s resolution to get serious about software security

Originally posted on SecurityWeek. The beginning of any new year is a time for examination and setting new goals and objectives. Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security. Resolutions are nice, but if you are […]

Posted in Software Security Program Development, Vendor Risk Management

Setting up a software security group in 5 steps

Traveling with a group will motivate you to pick up the pace. Working together, a team will share the load and make everyone’s pack lighter. The right team can make the difference between a painful slog and an incredible adventure. Meet your hiking party—the Software Security Group (SSG). Why have a software security group? In […]

Posted in Software Security Program Development