Software Integrity

Archive for the 'Vendor Risk Management' Category

How to mitigate third-party security risks

Third-party products and services are an integral part of business operations. Organizations rely heavily on optimizing their solutions and reducing costs, which creates a need for external expertise. Third-party organizations promise timely delivery of products and services, meeting compliance requirements, and optimizing the organization’s overall business performance. Reasons for bringing in a third party […]

Posted in Maturity Model (BSIMM), Security Risk Assessment, Vendor Risk Management

Make a new year’s resolution to get serious about software security

Originally posted on SecurityWeek. The beginning of any new year is a time for examination and setting new goals and objectives. Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security. Resolutions are nice, but if you are […]

Posted in Software Security Program Development, Vendor Risk Management

If you’re only as strong as your allies, should you trust third-party code?

Originally posted on SecurityWeek. Doing business is a highly interactive endeavor, and software is increasingly at the heart of those interactions. Agility becomes a key component of staying competitive, so organizations are seeking allies to help them obtain the software they need to stay in the race. Notice I said “obtain” rather than “build” or […]

Posted in Open Source Security, Software Security Testing, Vendor Risk Management

Getting to the bottom of the top 5 vendor risk management best practices

“We cannot enter into alliances until we are acquainted with the designs of our neighbors.” – Sun Tzu Opening this post with an Art of War quote may seem a bit cliché. At the same time, it really hits the nail on the head when discussing vendor risk management. After all, the best way to […]

Posted in Software Security Testing, Vendor Risk Management

U.S. government stresses security in procurement and acquisitions

The U.S. National Counterintelligence and Security Center (NCSC) will soon supply specific critical U.S. telecommunications, energy and financial organizations with classified supply chain threat reports. Last Thursday, the NCSC released a video highlighting the need for greater security around the supply chain. The video points out that during the Cold War, one could protect secrets by […]

Posted in Application Security, Vendor Risk Management

Security risks in mergers and acquisitions

Mergers and acquisitions (M&A) between two companies bring a unique synergy that cannot be obtained by one company alone. Along with synergy, M&A bring a lot of things to the table, such as product diversification, customer base increase, cost and overhead reduction, quality staff increase, and competition reduction. One of the aspects rarely discussed during M&A is security as […]

Posted in Application Security, Security Risk Assessment, Security Standards and Compliance, Software Security Testing, Vendor Risk Management, Vulnerability Assessment

How to mitigate your third-party mobile keyboard risk

What is the best form of cyber security defense? Well, as I always maintain, it’s user awareness! The implementation of a comprehensive user awareness policy carries a lot of weight and, when abided by, effectively complements the many technological solutions available. Mobile devices are used regularly within enterprise operations, and by nearly all consumers. The […]

Posted in Mobile Application Security, Security Risk Assessment, Vendor Risk Management

vBSIMM leading the way to ensure third-party software quality

In reading publications recently released by FS-ISAC and SAFECode on vendor management and third-party risk, I am pleased that the industry is finally coming together. We seem to finally agree on the obvious need to assess the processes under which software is made and not a particular end result. If “penetrate and patch” had any […]

Posted in Maturity Model (BSIMM), Vendor Risk Management

Third-party security risk factors

As we build our budgets for 2016, many organizations are examining 2015 pitfalls in order to strategize where to spend money in the upcoming year. With the recent influx of security breaches, many are concerned about third parties and vendors with whom they share data. What can we do to reduce the likelihood of a breach internally, […]

Posted in Maturity Model (BSIMM), Software Security Testing, Vendor Risk Management

FS-ISAC recommended controls for addressing third-party software security

All businesses depend on software; some software is developed internally, while the rest comes from third-party software service providers and commercial off-the-shelf software (COTS) vendors. While organizations can hope the software from third parties is built securely, hope isn’t a viable security strategy, which means firms need to develop an effective third-party security strategy to reduce […]

Posted in Financial Services Security, Software Security Testing, Vendor Risk Management