BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

How enterprises should react to OWASP's updated Top 10

Expert Michael Cobb highlights the changes made in the 2013 OWASP Top 10 list, including new vulnerabilities and what they mean for enterprises.
Opinion: Attack those software architecture flaws

Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.
How to reduce open source code security risk

Expert Michael Cobb explains why enterprises need better open source code management to negate the security risks posed by open source libraries.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Steve Lipner on the Microsoft SDL, critical infrastructure protection

Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection. News
Gary McGraw: Eliminating badware addresses malware problem

Bad software and malicious software are two different issues that are easily confused, says software security expert Gary McGraw. Opinion
HTML5 security: Will HTML5 replace Flash and increase Web security?

Will HTML5 replace Flash? Expert Michael Cobb discusses whether HTML5 security is better than Flash, and why HTML5 traffic can be harder to secure. Tip
Reverse engineering tools for mobile apps emerging, expert says

Reverse engineering mobile apps help pen testers find weaknesses and hidden malware, but the various mobile platforms and different versions make automation difficult, according to one expert. News
Spam filter gets better of Microsoft SDL—almost

Two program managers at SOURCE Boston shared how a serious vulnerability reported to the MSRC fell into a spam filter and caused an out-of-band patch. News
HP study finds widespread custom Web application flaws

A review of hundreds of unique custom Web applications found more than half are vulnerable to cross-site scripting and more than 86% contain injection flaws. News
Hunting for application logic flaws requires people, expert says

Rafal Los, a software security expert and consultant with Hewlett Packard, says humans far outgun automated tools in the hunt for costly application logic flaws. News
Gary McGraw on software security assurance: Build it in, build it right

If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw. Opinion
Gary McGraw: Build security in from start

If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw. News
Nothing funny about SCADA and ICS security

A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet. News

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites