BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

How enterprises should react to OWASP's updated Top 10

Expert Michael Cobb highlights the changes made in the 2013 OWASP Top 10 list, including new vulnerabilities and what they mean for enterprises.
Opinion: Attack those software architecture flaws

Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.
How to reduce open source code security risk

Expert Michael Cobb explains why enterprises need better open source code management to negate the security risks posed by open source libraries.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What is a virtual directory? The essential application deployment tool

What is a virtual directory? As expert Michael Cobb explains, it can be an extremely helpful secure application deployment tool. Answer
Java Virtual Machine architecture: Applet to applet communication

In a Java Virtual Machine architecture, is it possible for two machines to communicate with one another? Expert Michael Cobb describes how the applet-to-applet communication process works. Answer
Managing application permissions through isolated storage

Application permissions are essential in securing application data. Learn how isolated storage allows secure, controlled access to application files. Answer
Cigital BSIMM 3 study provides software security metrics data

The third iteration of the widely acclaimed Building Security in Maturity Model documents software security initiatives at 42 enterprises. News
Measurement first among secure software development benchmarks

One expert says before implementing secure software development benchmarks, take stock of the security of existing applications. News
Secure coding best practices: PHP and programming language security

Michael Cobb explains how proper secure coding training is much more important than PHP programming language security. Answer
How to mitigate the risk of a TOCTTOU attack

Are TOCTTOU attacks, exploiting time-of-check-to-time-of-use race conditions, a threat to your enterprise file systems? Expert Michael Cobb discusses the dangers and how to mitigate them. Answer
Citigroup attack highlights insufficient authorization error

Citigroup hackers used a common website vulnerability to bypass security controls and reap confidential banking data. News
Cigital acquires Consciere, brings in security vets

Software security consultancy Cigital has acquired Consciere, bringing in security veterans Joel Scambray and Kevin Rich. News
Information security book excerpts and reviews

Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites