Risk assessments metrics and frameworks

  • April 25, 2007

    Compliance drives security configuration management

    IT operations is turning to software that monitors security configurations across the enterprise to meet a number of regulations.

  • March 27, 2007

    Metasploit Framework 3.0 released

    Brief: Metasploit Framework 3.0 contains 177 exploits, 104 payloads, 17 encoders and 30 auxiliary modules that perform such tasks as host discovery and protocol fuzzing.

  • March 21, 2007

    IBM uses model to understand data governance

    Steven Adler, program director of Data Governance Solutions for IBM and chairman of the Data Governance Council, has been working to understand the growing need for data security, the issues surrounding data compliance and data protection problems. ...

  • March 18, 2007

    Hacker techniques use Google to unearth sensitive data

    Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns.

  • March 08, 2007

    Symantec acquires automated risk assessment firm

    Symantec has acquired Reston, Va.-based 4FrontSecurity, a maker of automated risk analysis and security management tools. An expert says it's the latest sign that the security risk assessment market is heating up.

  • February 26, 2007

    PatchLink acquires STAT Guardian tool

    PatchLink Corp. says it will add more muscle to its vulnerability management portfolio by acquiring the STAT Guardian tool from IT vendor Harris Corp.

  • February 06, 2007

    The Daily Dose: Chris Wysopal blogs from RSA Conference 2007

    In his exclusive daily column from RSA Conference 2007, security pro Chris Wysopal comments on vulnerability disclosure, and says emerging Web application technologies present many new attack vectors that have yet to be discovered.

  • February 06, 2007

    RSA Conference 2007: Product announcements


  • January 24, 2007

    Veracode launches on-demand code analysis service

    New startup Veracode gives customers the ability to analyze the application binary, and not simply the source code.

  • December 14, 2006

    Review: Sky's the limit with Skybox View 3.0

    Hot Pick: Skybox View 3.0 offers a unique and flexible approach for assessing and managing specific threats and overall risk to your digital assets.

  • December 05, 2006

    IBM to acquire compliance software firm

    IBM plans to acquire Consul Risk Management Inc., a Delft, Netherlands-based firm whose software tracks non-compliant behavior of employees.

  • November 21, 2006

    Insider security threats come in many forms

    Insiders could be the greatest threat to a company's security. The best defense is to let them know Big Brother is watching and to have a plan to deal with troublemakers.

  • November 03, 2006

    Review: SPI Dynamics' WebInspect 6.1

    SPI Dynamics has created a powerful tool for novices as well as advanced users who will appreciate the time and effort it saves.

  • October 13, 2006

    Security Blog Log: Taking Google Code Search for a spin

    This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security.

  • October 11, 2006

    Code-scanning tool automates software review at financial firm

    An investment advisory company uses Fortify's Source Code Analysis code-scanning tool to help catch flaws and enhance its security in-depth approach.