BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

How enterprises should react to OWASP's updated Top 10

Expert Michael Cobb highlights the changes made in the 2013 OWASP Top 10 list, including new vulnerabilities and what they mean for enterprises.
Opinion: Attack those software architecture flaws

Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.
How to reduce open source code security risk

Expert Michael Cobb explains why enterprises need better open source code management to negate the security risks posed by open source libraries.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Little being done to prevent Web application threats, analysts say

Vulnerabilities in HTML 5 make it an emerging threat; however, SQL injection and XSS remain among the top attacks. News
BSIMM study expands scope, identifies new software security activities

BSIMM4 found some firms actively scanning for malicious code from rogue developers. Crisis simulation scenarios improve product security response. News
H.264 vs Flash: Using the H.264 codec as a secure Flash alternative

Can the H.264 video codec serve as a more secure Flash alternative? Expert Nick Lewis provides a security breakdown of H.264 vs Flash. Answer
Java sandboxing could thwart attacks, but design may be impossible

Basic Java sandboxing has been around since 1995, but flaws in the Java virtual machine are highly targeted. Experts are calling on Oracle to do more. News
Congress should encourage bug fixes, reward secure systems

Cybersecurity policy should encourage bug fixes instead of simply recording and reporting attacks, software security expert Gary McGraw explains. Opinion
Black Hat 2012: Dan Kaminsky tackles secure software development

Security researcher Dan Kaminsky’s annual "black ops" talk at Black Hat 2012 focused improving secure software development with better code. News
Chris Wysopal: Web application vulnerabilities an easy target

Despite a decline in SQL injection errors over the last two years, attackers continue to find Web application flaws as easy targets, says Chris Wysopal of Veracode Inc. News
Gartner: Web app firewalls can support secure application development

Web app firewalls can’t erase the need for secure application development, but Gartner says WAF patching may have a growing role in the enterprise. News
Video: Software Reliability: Building Security In

In this video, learn state-of-the-art techniques for building a secure software development process. Video
Wysopal on application security training, program gaps

Application security expert Chris Wysopal of Veracode explains why some software security programs are lacking and how simple steps can produce big gains. News

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites