BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

How enterprises should react to OWASP's updated Top 10

Expert Michael Cobb highlights the changes made in the 2013 OWASP Top 10 list, including new vulnerabilities and what they mean for enterprises.
Opinion: Attack those software architecture flaws

Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.
How to reduce open source code security risk

Expert Michael Cobb explains why enterprises need better open source code management to negate the security risks posed by open source libraries.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Microsoft to fold security into Windows division

The software giant said the move would make future Windows development efforts more efficient. The changes take effect after Microsoft releases Vista. Article
Security Blog Log: Taking Google Code Search for a spin

This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Column
Google Code Search gives security experts a sinking feeling

The new search tool from Google can help developers find useful code examples. But security experts worry that it also will make attackers' jobs that much easier. Article
Code-scanning tool automates software review at financial firm

An investment advisory company uses Fortify's Source Code Analysis code-scanning tool to help catch flaws and enhance its security in-depth approach. Article
Microsoft delivers 10 patches and tool update

Updated: Microsoft released six critical patches and updated a software tool Tuesday, but a technical problem prevented the company from pushing the fixes out via its automated tools. Article
If e-thieves want your vote, they can have it

This week in Security Blog Log, researchers focus on flaws in Diebold's electronic voting machine. Attackers could easily exploit them to tamper with your vote, they claim. Column
Oracle expert warns of weakness in PL/SQL

A well-known Oracle bug hunter says the wrapping mechanism used for PL/SQL -- the flagship language used in Oracle databases -- can be unraveled, exposing sensitive data. Article
Ruby on Rails development tool has 'serious' flaw

Those who use the emerging Ruby on Rails open source Web application development framework are urged to switch to version 1.1.5 to fix an undisclosed security hole. Article
Ajax threats worry researchers

Black Hat: While it makes smooth Web applications like Google Maps possible, the rush to adopt Ajax may fuel haphazard development and a feeding frenzy among hackers. Article
Russinovich now belongs to Microsoft

Winternals and its well-known technical leader, Mark Russinovich, are now part of Microsoft. The software giant has acquired Winternals for an undisclosed fee. Article

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites