Archive for September, 2008

RSS Feed for McGraw’s Columns

Thursday, September 25th, 2008

As Justice League readers know, I have been writing a security column since October 2004. I started with Network Magazine, and stayed with CMP through the launch of darkreading.com. In April, I moved the column to informIT. All of the columns can be found here.

Many of my columns end up being about issues in software security. In particular, the articles I point to below may be of interest to blog readers. Note that some of them are appropriate for business leadership.

To make things easy going forward, we just set up an RSS feed for my writings. You can subscribe to that here.

Software Security Columns

Is Application Security Training Worth the Money? [2/06]

Want Turns to Need (software security market size 2006) [4/07]

JSON, Ajax & Web 2.0 [6/07]

Software Security Strategies (4 ways to start an enterprise program) [1/08]

Paying for Secure Software (using total cost of ownership for software projects) [4/08]

Application Assessment as a Factory [7/08]

Software Security Demand Rising (software security market size 2007) [8/08]

Getting Past the Bug Parade (the importance of addressing architecture) [9/08]

Strengthening Software Security through collaboration

Tuesday, September 16th, 2008

This is a guest post from Brian Mizelle, a managing principal at Cigital.

Today, Microsoft announced the launch of its SDL Pro Network. Cigital is proud to be part of this pilot offering, and pleased to continue to take the message (and the delivery) of software security to the market. As a network of independent software security professionals, the SDL Pro Network will collectively take our best-of-breed experiences and work collaboratively to develop unified service offerings around Microsoft’s SDL methodology.

At Cigital we are proud of our extensive experience running more than six large-scale enterprise software security initiatives spanning customers in financial services, independent software vendors, and embedded systems. We have trained several thousand developers, architects and executives on the fundamentals of software security. We have rolled out tools and best practices for many of our best customers. We have helped to grow the software security market from its infancy. Cigital is the largest and most experienced software security services provider in the world, and we look forward to continuing our market leadership through our partnership with Microsoft.

The number of firms delivering software security services is small and forms a tightly knit community, including companies of varying sizes, experience and areas of expertise. As a group, we have all read and embraced the three top software security methodologies, including CLASP from OWASP, the Touchpoints from our own CTO Dr. Gary McGraw, and of course, Microsoft’s SDL. Regardless of what flavor of methodology our customers subscribe to, we all share the common goal of educating and delivering services that protect our clients’ assets and good name through better software security. Collaborative efforts that bring together the best minds in the business can only help improve what we do with our own customers and broaden our thoughts on the subject.

Kudos to Microsoft for pulling the SDL Pro Network together. Our clients will all benefit from the experience. Stay tuned to this space for more.
