Premium Content

Access "Application security policy after Heartbleed"

Issue Overview

Information Security magazine - September 2014 Vol. 16 / No. 7

Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of third-party libraries and components in projects. How do security teams go about documenting code to ensure it's up-to-date, patched and still secure? How can information security professionals enforce development best practices and compliance with application security policy across the enterprise? Michael Cobb looks at the risks of open source software and how to manage them, in this month's cover story. Robert Richardson also writes about the dangers of open source software and explains why he thinks community-driven audits such as the TrueCrypt project are a great place to start, but may not go far enough. The state of encryption and how key management may present a barrier to wider adoption is explored by technology journalist Rob Lemos.   Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Strategies for a successful data protection program
    data_protection_2014.png
    E-Handbook

    Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...

  • Devices, data and how enterprise mobile management reconciles the two
    ISM_supp_1014.png
    E-Zine

    The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...

  • Putting security on auto-pilot: What works, what doesn't
    security_auto-pilot.png
    E-Handbook

    For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...