BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

Five key trends jolting software security in 2013

Column: Gary McGraw says five shifts in the IT landscape are affecting software security, but several BSIMM best practices can limit risk exposure.
Why can't I just ignore internal app security threats?

Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.
How many revisions make for good code review?

Expert Michael Cobb details how to argue for a multistep secure code review process like the Microsoft SDL, and the pros of secure coding practices.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Cigital BSIMM 3 study provides software security metrics data

The third iteration of the widely acclaimed Building Security in Maturity Model documents software security initiatives at 42 enterprises. News
Measurement first among secure software development benchmarks

One expert says before implementing secure software development benchmarks, take stock of the security of existing applications. News
Secure coding best practices: PHP and programming language security

Michael Cobb explains how proper secure coding training is much more important than PHP programming language security. Answer
How to mitigate the risk of a TOCTTOU attack

Are TOCTTOU attacks, exploiting time-of-check-to-time-of-use race conditions, a threat to your enterprise file systems? Expert Michael Cobb discusses the dangers and how to mitigate them. Answer
Citigroup attack highlights insufficient authorization error

Citigroup hackers used a common website vulnerability to bypass security controls and reap confidential banking data. News
Cigital acquires Consciere, brings in security vets

Software security consultancy Cigital has acquired Consciere, bringing in security veterans Joel Scambray and Kevin Rich. News
Information security book excerpts and reviews

Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
Software remediation can get caught in organizational issues

Running an application security program requires more than a solid budget. It needs a person with deep knowledge of the organization and its engineering processes. News
UTM features: Is a UTM device right for your layered defense?

Expert Mike Chapple explores what features a contemporary UTM device provides, and explains the factors that help determine UTM total cost of ownership. Tip
Marcus Ranum on the consequences of poor software design

Marcus Ranum discusses the consequences of poor software design and what can be done to ensure this does not happen in the future. Video

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites