Company Blog

Not so Surprising [1,10]

Like Ken and Brian I’m pleased that results from this study are getting out there. I recently participated in the OWASP EU Summit, where Pravir and I conducted a session on the maturity model. The session had valuable industry participation. One of the things I’ve harped on for years now is that experts need to [...]

Structuring for Strategic Cyber Defense: State of the Nation and What We Can Do

I’ve been an organizer of ACSAC in one capacity or another for close to 20 years now, and I’ve managed to attend most years. The conference always meets in early December in a southern US city (2008 in Anaheim, 2009 in Honolulu). This year’s keynote speakers were Sami Saydjari (formerly of NSA and DARPA, and [...]

Science-y fun with the Maturity Model Project

Brian Chess, Sammy Migues and I have been building a maturity model for software security. We decided to base our model on data gathered by interviewing 9 top software security programs. We developed a framework to guide a series of interviews for data acquisition. Though we have not completed the maturity model (analysis continues apace), [...]

New book: Web Security Testing Cookbook

Two of Cigital’s thought leaders, Paco Hope and Ben Walther, just published a new book from O’Reilly called the Web Security Testing Cookbook. I wrote the foreword for the book which is reprinted below. More information about the book can also be found on Facebook. Web applications suffer more than their share of security attacks. [...]

The Three Pillars of Continuous Integration

This is a guest post from Meera Subbarao, a senior consultant at Cigital. Continuous Integration, commonly known as CI, is a process that consists of continuously compiling, testing, inspecting, and deploying source code. In any typical CI environment, this means running a new build every time code changes within a version control repository. Martin Fowler [...]