Cigital Security Blog

Analysis, news and insights from Cigital’s team of security experts

October 7, 2015

You take calculated risks every day. Just this morning, say you decided to walk across the street against the light because no cars were in sight and you had to get to work on time. But had that street been a highway—or if you had been with your child—you…

October 5, 2015

The 17th annual AT&T Cybersecurity Conference is taking place in New York City on October 5-6. During the two-day event, a security conversation will be taking place among industry leaders about the past, present and bright future of security. Cigital CTO, Gary McGraw, will take the stage on day…

September 30, 2015
Author: Ping Ning

Building security into the software development lifecycle (SDLC) has become a common practice in many organizations. The development of secure software involves many activities throughout the SDLC. Cigital’s software security touchpoints specify seven best practices that can be incorporated as security activities in a secure SDLC. These activities are…

September 28, 2015
Author: Neil Bahadur

You can build security into your waterfall software development lifecycle (SDLC) when you have days or weeks to dot your i’s and cross your t’s. Don’t have time for that? Well then, agile is the expeditious methodology when adding security considerations into your SDLC. What do you do when you’re…

September 24, 2015
Author: Mike Lyman

“All software projects are guaranteed to have one artifact in common – source code. Because of this guarantee, it makes sense to center a software assurance activity around code itself.” -Gary McGraw, Software Security: Building Security In. When an author sits down to write today, they have great tools…

September 23, 2015

Apple is currently taking measures to eradicate hundreds (potentially thousands) of malicious apps recently discovered in the iOS App Store. It has come to light that hackers distributed a modified version of Apple’s developer toolkit, Xcode, which embedded malware known as XcodeGhost into iOS apps as they were being…

September 22, 2015
Author: Kevin Glavin

Agile and application security are often spoken of together as oil and water, but are they really? Development in contemporary agile methodologies happens fast. The high frequency of iterations and releases often translates to wildly dynamic application build structures, with new components/modules added regularly throughout the software development lifecycle…

September 18, 2015

Caroline Wong, Cigital’s Security Initiative Director, was recently the guest on Jay Schulman’s Building a Life and Career in Security podcast. Having worked within the security field for the past decade, Caroline has multiple perspectives on life in the security space. With an education in engineering, she entered the…

September 17, 2015

The approach needed for scaling a software security initiative (SSI) varies from industry to industry and from business to business, right? That’s one of the questions explored by the Building Security In Maturity Model (BSIMM). But, why now? Computers and software have been around for decades. Why have software…

September 16, 2015
Author: Gary McGraw

The facts: The U.S. Circuit Court of Appeals recently ruled that the Federal Trade Commission (FTC) has the authority to regulate aspects of corporate cyber security and may penalize those who fail to properly safeguard customer information. Some background is in order. For a number of years, the FTC…

Cigital is one of the world’s largest application security firms. We go beyond traditional testing services to help our clients find, fix and prevent vulnerabilities in the applications that power their business.

Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure applications.
