Software Development Methodology
- July 17, 2015
News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.
- June 23, 2015
In its State of Software Security Report, Veracode has found the government has the most vulnerabilities and the lowest rate of remediation in developing Web and mobile apps.
- June 19, 2015
News roundup: Details have emerged about weaknesses in OS X and iOS that allow attackers to upload malware and steal passwords and data. Plus: More jump on HTTPS bandwagon; CSO/CDO salaries increase; 23% of software app components contain flaws.
- June 05, 2015
Security software expert Gary McGraw says testing for security flaws must be automated if everything is going to be checked.
- May 07, 2015
Robert 'Rsnake' Hansen of WhiteHat Security discusses the Aviator Web browser, why Google lashed out against it, the challenges of browser security and lessons learned for developing secure software.
- April 27, 2015
At RSA Conference 2015, a pair of DevOps proponents explained why the nascent movement to integrate development and IT operations staff pays security dividends.
- September 16, 2014
Developers increasingly rely on a variety of open source components, but a VerSprite researcher warns that security issues accompany many popular frameworks.
- June 10, 2014
Video: Chris Wysopal of Veracode discusses the risks of externally sourced code and monitoring its use in the enterprise.
- May 21, 2014
As attackers increasingly target e-commerce websites, vulnerable applications and third-party plug-ins represent an easy avenue of exploitation.
- March 31, 2014
Gary McGraw discusses why the software security segment of the IT security industry is growing at a faster rate than the category as a whole.
- March 10, 2014
Does DevOps sacrifice security to speed software deployments? Experts say DevOps and security can coexist with help from automated security tools.
- February 21, 2014
Both Microsoft and Adobe have issued emergency fixes for active zero-day exploits that bypass the ASLR security mechanism.
- January 28, 2014
Gary McGraw and Jim Routh talk through the pitfalls of scaling static source code review and offer some potential process improvements.
- December 24, 2013
Software architecture risk analysis doesn't have to be hard. Gary McGraw and Jim DelGrosso discuss an easier, more scalable process.
- September 10, 2013
Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.