BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

How enterprises should react to OWASP's updated Top 10

Expert Michael Cobb highlights the changes made in the 2013 OWASP Top 10 list, including new vulnerabilities and what they mean for enterprises.
Opinion: Attack those software architecture flaws

Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.
How to reduce open source code security risk

Expert Michael Cobb explains why enterprises need better open source code management to negate the security risks posed by open source libraries.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Managing identities in hybrid worlds

The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based IDaaS for hybrid cloud infrastructures, and mobile devices that are either an authentication token in ... E-Zine
Is sandboxing the answer to Adobe Acrobat, Adobe Reader security woes?

Expert Michael Cobb assesses the impact of sandboxing on Adobe Acrobat and Adobe Reader security. Can enterprises trust Adobe's new security methods? Answer
Gary McGraw on evolution of BSIMM maturity framework

Video: McGraw discusses the past and future of the BSIMM maturity framework for software security, and how vendors like Adobe and Microsoft measure up. Video
McGraw's mobile app security strategy: Three legs of 'trusted on busted'

Struggling to define your mobile app security strategy? Gary McGraw offers a manifesto to help get infosec and app developers on the same page. Column
How to negate business logic attack risk: Improve security in the SDLC

Expert Nick Lewis details the threat posed by business logic attacks and how stressing the importance of security in the SDLC can reduce that threat. Tip
Testing, assessment methods offer third-party software security assurance

No ultimate test can give third-party software a clean bill of health, but careful assessment can help organizations gain more control over vendors. Opinion
Thirteen principles to ensure enterprise system security

Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades. Column
stack overflow

A stack overflow is an undesirable condition in which a particular computer program tries to use more memory space than the call stack has available. In programming, the call stack is a buffer that stores requests that need to be handled. Definition
Deploying DLP technology requires hands-on approach, experts say

Preventing data loss incidents involves sound policy, knowledge of the threat landscape and constant vigilance over your DLP system, experts say. News
Twelve common software security activities to lift your program

Software security expert Gary McGraw explains the processes commonly found in highly successful software security programs. Opinion

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites