BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

Five key trends jolting software security in 2013

Column: Gary McGraw says five shifts in the IT landscape are affecting software security, but several BSIMM best practices can limit risk exposure.
Why can't I just ignore internal app security threats?

Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.
How many revisions make for good code review?

Expert Michael Cobb details how to argue for a multistep secure code review process like the Microsoft SDL, and the pros of secure coding practices.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Eye On: Secure Software Development

This special report explores software security: reducing vulnerabilities and improving development processes. Article
Security pros find software code security improvements, weigh next step

Secure coding practices are improving at many software vendors, fueled by an increased emphasis on secure coding frameworks, training and new processes. News
Secure software development: Getting started

Chris Eng, senior security researcher at Veracode Inc., explains how firms can get started improving their software development processes. Video
Microsoft cites software security progress despite sluggish ASLR support

Microsoft's 2010 SDL progress report praised the software security program's steady progress, but points out room for further improvements. Article
Common Weakness Enumeration (CWE)

Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software... (Continued) Definition
Industry groups, businesses attempt security awareness training plan

Security training and education is one of the first investments made by an organizations after poor audit results or a data breach, experts say. Article
Can threat modeling tools help with securing mobile applications?

When developing enterprise applications, do you know the quickest way to bridge the gap between an information security team and a development group? Answer
Secure application development processes improving, expert says

In this interview conducted at RSA Conference 2011, Gary McGraw, chief technology officer at Cigital Inc., a software security and quality consulting firm, explains how more organizations are embracing software development processes to improve the co... Video
Microsoft releases Attack Surface Analyzer to developers

The newly released tool helps developers identify whether newly installed applications change the attack surface of Microsoft Windows. Article
Sandboxing technology bolsters security, but it has weaknesses, expert says

Adobe Systems, Google, Microsoft and others are deploying applications that use sandboxing technology to defend against potential attacks, but savvy hackers know how to bypass it. Interview

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites