Software Development Methodology
- September 16, 2014
Developers increasingly rely on a variety of open source components, but a VerSprite researcher warns that security issues accompany many popular frameworks.
- June 10, 2014
Video: Chris Wysopal of Veracode discusses the risks of externally sourced code and monitoring its use in the enterprise.
- May 21, 2014
As attackers increasingly target e-commerce websites, vulnerable applications and third-party plug-ins represent an easy avenue of exploitation.
- March 31, 2014
Gary McGraw discusses why the software security segment of the IT security industry is growing at a faster rate than the category as a whole.
- March 10, 2014
Does DevOps sacrifice security to speed software deployments? Experts say DevOps and security can coexist with help from automated security tools.
- February 21, 2014
Both Microsoft and Adobe have issued emergency fixes for active zero-day exploits that bypass the ASLR security mechanism.
- January 28, 2014
Gary McGraw and Jim Routh talk through the pitfalls of scaling static source code review and offer some potential process improvements.
- December 24, 2013
Software architecture risk analysis doesn't have to be hard. Gary McGraw and Jim DelGrosso discuss an easier, more scalable process.
- September 10, 2013
Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.
- August 09, 2013
Column: Gary McGraw says five shifts in the IT landscape are affecting software security, but several BSIMM best practices can limit risk exposure.