Software security podcast library

by Cigital on Tuesday, October 7, 2014

Teaming up with SearchSecurity.com, Gary McGraw releases the 102nd monthly Silver Bullet software security podcast. On this episode Gary chats with Richard Danzig, one-time Secretary of the Navy and Board member of the Center for New American Security (among several other things). Gary and Richard discuss Richard’s time at the Department of Defense, what… Read More

BSIMM4 measures and advances secure application development

by Cigital on Tuesday, October 7, 2014

The fourth major release of the BSIMM project was published in September 2012. The original study (March 2009) includes nine firms and nine distinct measurements. The second study (May 2010) includes 30 firms and 42 distinct measurements (some firms include very large subsidiaries that are independently measured). BSIMM3 includes 42 firms, 11 of which were… Read More

McGraw: Financial services develop a proactive posture

by Cigital on Tuesday, October 7, 2014

Proactive Security has become the new way of protecting your software. Gary McGraw discusses the key to making this type of security successful, how it can affect your budget and the positive impact it can have on your software’s future. To read Gary’s full story visit http://searchsecurity.techtarget.com/opinion/McGraw-Financial-services-develop-a-proactive-posture

Gary McGraw: NSA data collection programs demand discussion, scrutiny

by Cigital on Tuesday, October 7, 2014

The National Security Agency has been reported to have begun collecting telephone call metadata from domestic U.S. telephone carriers with sweeping surveillance dragnets. Gary McGraw discusses why this, along with other acts of privacy intrusion, needs to be observed and reviewed, and what you should do because of them. To read Gary’s full story… Read More

Five major technology trends affecting software security assurance

by Cigital on Tuesday, October 7, 2014

In the August article for SearchSecurity.com, Gary McGraw breaks down the five major technology trends in the IT industry today and how they can affect your firm’s software security strategy. Here is a quick look at the trends: Software in everything; Unification of the feeds (information to knowledge); BYOD (or else); Ultra-rapid development; Big data,… Read More

Software [In]security: BSIMM-V does a number on secure software dev

by Cigital on Tuesday, October 7, 2014

The BSIMM’s newest version has brought a different “measuring stick for software security” to the table. The three co-authors, Gary McGraw, Jacob West, and Sammy Migues, have collaborated on this article to describe the changes that come with the fifth iteration of the Building Security In Maturity Model project. The BSIMM describes the work… Read More

McGraw: Software [in]security and scaling architecture risk analysis

by Cigital on Tuesday, October 7, 2014

The time has come to focus real attention on software security flaws. Both Secure Architecture Survey (SAS) and its more intense and valuable big brother Architecture Risk Analysis (ARA) are necessary parts of a fully formed software security initiative. Note that any focus on flaws should not be carried out to the detriment of finding… Read More

McGraw: Software [in]security and scaling automated code review

by Cigital on Tuesday, October 7, 2014

Not too many years ago, most firms tackling software security were concerned with whether to automate secure code review. No longer. Today, leading firms know they must automate code review. Nowadays they find themselves concerned with how best to scale their approach. With the help of Aetna’s CISO, Jim Routh, Gary McGraw discusses the need… Read More

McGraw: Firewalls, fairy dust and forensics? Try software security

by Cigital on Tuesday, October 7, 2014

At Cigital, we estimate the 2013 worldwide market for goods and services in IT security at somewhere between $30 billion and $45 billion. Not bad in a world economy still in slow recovery from the Great Recession of 2009. Software security, a submarket of IT security, is growing more than twice as fast, with a… Read More

McGraw on Heartbleed shock and awe: What are the real lessons?

by Cigital on Tuesday, October 7, 2014

For his monthly article in SearchSecurity.com, Gary McGraw, along with special guest Aaron Bedra, explains the notorious bug, Heartbleed. They aim to provide insight on how to correct issues within the rest of OpenSSL code, and other source projects that can take advantage of the software security activities and practices of BSIMM. A quick… Read More
