BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

Five key trends jolting software security in 2013

Column: Gary McGraw says five shifts in the IT landscape are affecting software security, but several BSIMM best practices can limit risk exposure.
Why can't I just ignore internal app security threats?

Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.
How many revisions make for good code review?

Expert Michael Cobb details how to argue for a multistep secure code review process like the Microsoft SDL, and the pros of secure coding practices.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Java sandboxing could thwart attacks, but design may be impossible

Basic Java sandboxing has been around since 1995, but flaws in the Java virtual machine are highly targeted. Experts are calling on Oracle to do more. News
Congress should encourage bug fixes, reward secure systems

Cybersecurity policy should encourage bug fixes instead of simply recording and reporting attacks, software security expert Gary McGraw explains. Opinion
Black Hat 2012: Dan Kaminsky tackles secure software development

Security researcher Dan Kaminsky’s annual "black ops" talk at Black Hat 2012 focused improving secure software development with better code. News
Chris Wysopal: Web application vulnerabilities an easy target

Despite a decline in SQL injection errors over the last two years, attackers continue to find Web application flaws as easy targets, says Chris Wysopal of Veracode Inc. News
Gartner: Web app firewalls can support secure application development

Web app firewalls can’t erase the need for secure application development, but Gartner says WAF patching may have a growing role in the enterprise. News
Video: Software Reliability: Building Security In

In this video, learn state-of-the-art techniques for building a secure software development process. Video
Wysopal on application security training, program gaps

Application security expert Chris Wysopal of Veracode explains why some software security programs are lacking and how simple steps can produce big gains. News
Steve Lipner on the Microsoft SDL, critical infrastructure protection

Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection. News
Gary McGraw: Eliminating badware addresses malware problem

Bad software and malicious software are two different issues that are easily confused, says software security expert Gary McGraw. Opinion
HTML5 security: Will HTML5 replace Flash and increase Web security?

Will HTML5 replace Flash? Expert Michael Cobb discusses whether HTML5 security is better than Flash, and why HTML5 traffic can be harder to secure. Tip

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites