Software Integrity

  Where does software security really fit into your firm? We recently decided to conduct a study to find out. Gathering data in a series of in-person interviews with 25 chief information security officers (CISOs), our aim was to understand their strategies and approaches. The 2018 CISO Report presents the research findings. From the findings, […]

Continue Reading...

Thanks to Bitcoin, it’s fair to say that “blockchain” is a buzzword at the moment—like DevOps, or Zumba. This article isn’t going to dive into what a blockchain is, because many others out there already do that. Here’s a pretty good one that has a snappy description of the evolution of Bitcoin and its symbiotic […]

Continue Reading...

It’s been called Data Privacy Day since it was launched in 2008 to commemorate the signing of Convention 108—the first legally binding international treaty dealing with privacy and data protection—on Jan. 28, 1981. But you could make a pretty solid case that a decade later, this year’s observance, on Sunday, ought to be called Lack […]

Continue Reading...

Chief information security officers (CISOs) play a critical role in our software-driven world, but the role is still relatively new. What CISOs do on a daily basis—and why—has largely remained a mystery—at least until we studied them in the wild. The 2018 CISO Report identifies four distinct approaches to the CISO role. Join us as […]

Continue Reading...

An old proverb states that if you give a man a fish, you feed him for a day; but, if you teach a man to fish, you feed him for life. Software security training aligns very well with this proverb. The majority of developers don’t come equipped with security skills. In fact 95% of software […]

Continue Reading...

We recently sat down with Synopsys VP of security technology, Dr. Gary McGraw, to discuss his latest research effort. In addition to the annual Building Security In Maturity Model (BSIMM), Gary has set out to identify the ways in which CISOs approach their job role. The CISO project team, which included Sammy Migues and Dr. […]

Continue Reading...

From the moon to autonomous driving There is a general awareness that software complexity has been growing immensely over time. Starting a few decades ago with special-purpose tasks, such as calculating equations to send a man to the moon, we are now at a stage where our world and much of our lives depend intrinsically […]

Continue Reading...

Performing threat modeling is a difficult and expensive undertaking for most firms. And, understandably. Traditionally, threat modeling requires an experienced security architect with knowledge in three fundamental areas. Architecture and design patterns Enterprise application technologies Security controls and best practices When creating a scalable threat model, it’s important to recognize the benefits and limitations of […]

Continue Reading...

Now that a new year is upon us, we must remember that this is the year the General Data Protection Regulation (GDPR) supersedes Directive 95/36/EC. The new regulation will take effect May 25, 2018. In other words, this is the date by which organizations must be compliant. Primary obligations under GDPR GDPR applies to the […]

Continue Reading...

The risk of open source and third-party code In today’s fast-paced world with rapid technological advancements, few people need any introduction to the dangers of security vulnerabilities lurking in open source and third-party code. Open source software has come a long way from being a techno-hippie dream in the late ’80s. Today, it exists nearly […]

Continue Reading...