Access "Testing, assessment methods offer third-party software security assurance"
This article is part of the February 2013/ Volume 15 / No. 1 issue of The China Syndrome: Security factors to consider before buying Chinese IT
Software is not created equal, especially when it comes to security. I’ve done my fair share of talking in this column about how to create and measure a software security initiative to make sure the software you build yourself is secure and I’ve even talked about how to get started with a brand new software security initiative. How can you tell whether the software you buy or outsource to others to build is secure enough? Do you trust your vendors? Do all vendors do the same thing when it comes to software security? (Hint: the answers are “good question,” “why?” and “no.”) Every enterprise depends on software Every modern enterprise uses lots of software. Some enterprise software is homegrown, but a vast majority of enterprise software is third-party software built and maintained by outside vendors. Third-party software itself comes in several flavors: it can be custom built to specification, it can be commercial off-the-shelf software (COTS), and it can live in the cloud as part of a Software as a Service (SaaS) model. Many large firms are working hard on ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
The Huawei security risk: Factors to consider before buying Chinese IT
by Joel Snyder, Contributor
Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.
-
BYOD security strategies: Balancing BYOD risks and rewards
by Lisa Phifer, Contributor
Allowing employee-owned mobile devices doesn’t have to mean accepting all BYOD risks. Infosec pros share their BYOD security strategies.
-
The Huawei security risk: Factors to consider before buying Chinese IT
by Joel Snyder, Contributor
-
-
IT Security Trends 2013: Mobile security concerns tops the list
by Robert Richardson
-
IT Security Trends 2013: Mobile security concerns tops the list
by Robert Richardson
-
News
-
Offensive security involves proactive deception tactics
by Robert Westervelt, News Director
Going on the offense doesn’t mean actively targeting cybercriminals, experts say. Deceptive tactics, phony documents can help trip up attackers.
-
Offensive security involves proactive deception tactics
by Robert Westervelt, News Director
-
Columns
-
2013 Security Priority Survey, security risks when buying IT hardware from China
by Robert Richardson, Editorial Director
Information Security Magazine reveals the results of its 2013 Security Priority Survey and examines the security risks associated with purchasing IT hardware from China. Elsewhere in the issue, infosec pros share their strategies for BYOD security.
-
Information assurance training programs create new cadre of IT security pros
by Doug Jacobson and Julie A. Rursch
University information assurance programs are varied, but they are beginning to provide technology disciplines a level of security knowledge.
-
Testing, assessment methods offer third-party software security assurance
by Gary McGraw, Contributor
No ultimate test can give third-party software a clean bill of health, but careful assessment can help organizations gain more control over vendors.
-
2013 Security Priority Survey, security risks when buying IT hardware from China
by Robert Richardson, Editorial Director
More Premium Content Accessible For Free
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...
Enterprise network security visibility: Beyond traditional defenses
E-Handbook
Organizations have implemented various network security technologies to gain better visibility into their networks. However, these security ...
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...