BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

Five key trends jolting software security in 2013

Column: Gary McGraw says five shifts in the IT landscape are affecting software security, but several BSIMM best practices can limit risk exposure.
Why can't I just ignore internal app security threats?

Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.
How many revisions make for good code review?

Expert Michael Cobb details how to argue for a multistep secure code review process like the Microsoft SDL, and the pros of secure coding practices.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Code-scanning tool automates software review at financial firm

An investment advisory company uses Fortify's Source Code Analysis code-scanning tool to help catch flaws and enhance its security in-depth approach. Article
Microsoft delivers 10 patches and tool update

Updated: Microsoft released six critical patches and updated a software tool Tuesday, but a technical problem prevented the company from pushing the fixes out via its automated tools. Article
If e-thieves want your vote, they can have it

This week in Security Blog Log, researchers focus on flaws in Diebold's electronic voting machine. Attackers could easily exploit them to tamper with your vote, they claim. Column
Oracle expert warns of weakness in PL/SQL

A well-known Oracle bug hunter says the wrapping mechanism used for PL/SQL -- the flagship language used in Oracle databases -- can be unraveled, exposing sensitive data. Article
Ruby on Rails development tool has 'serious' flaw

Those who use the emerging Ruby on Rails open source Web application development framework are urged to switch to version 1.1.5 to fix an undisclosed security hole. Article
Ajax threats worry researchers

Black Hat: While it makes smooth Web applications like Google Maps possible, the rush to adopt Ajax may fuel haphazard development and a feeding frenzy among hackers. Article
Russinovich now belongs to Microsoft

Winternals and its well-known technical leader, Mark Russinovich, are now part of Microsoft. The software giant has acquired Winternals for an undisclosed fee. Article
Security Bytes: Consultant cracks FBI database

In other news, a Google Reader flaw is addressed and OpenOffice patches three security holes attackers could use to tamper with files. Article
Microsoft's new security chief: 'We've come a long way'

Microsoft's newest top cop plans on getting his hands dirty. Ben Fathi, recently named chief of Microsoft's Security Technology Unit, said he is ready to jump into design and development to push forward the company's security offerings.
A corpor... Interview
Security Blog Log: Doing good with exploit code

This week, IT pros take note of the latest Microsoft patches and exploit code. Also, a look at why exploit code isn't always evil. Column

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites