BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

Selling the CIO on secure software development

Selling the CIO and others on secure application development requires understanding how it will impact the development process.
McGraw: Financial services develop a proactive posture

The idea behind proactive security is simple: build security in the first time by following security models like BSIMM and security engineering.
How Adobe turns developers into security 'ninjas'

Video: Adobe CSO Brad Arkin explains how his firm fosters secure software development by inspiring developers to become security 'ninjas.'

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Managing application permissions through isolated storage

Application permissions are essential in securing application data. Learn how isolated storage allows secure, controlled access to application files. Answer
Secure coding best practices: PHP and programming language security

Michael Cobb explains how proper secure coding training is much more important than PHP programming language security. Answer
How to mitigate the risk of a TOCTTOU attack

Are TOCTTOU attacks, exploiting time-of-check-to-time-of-use race conditions, a threat to your enterprise file systems? Expert Michael Cobb discusses the dangers and how to mitigate them. Answer
Can threat modeling tools help with securing mobile applications?

When developing enterprise applications, do you know the quickest way to bridge the gap between an information security team and a development group? Answer
Creating a third-party security policy to prevent a software exploit

Third-party software vulnerabilities are one of the most likely attack vectors in the information security landscape today. In this expert response, Nick Lewis discusses how to prevent these vulnerabilities from becoming exploits. Ask the Expert
Static source code analysis tools: Pros and cons

Static source code analysis tools can greatly improve application security, but it takes knowledge and expertise to use them correctly. Expert Michael Cobb explains why. Ask the Expert
Is it safe to use third-party code when developing database applications?

Michael Cobb explains how you can safely use third-party code, such as DLLs, when developing database applications. Ask the Expert
Tips for writing secure SQL database code

Writing secure code is always a challenge, but it is particularly necessary for SQL databases that would otherwise be vulnerable to SQL injection attacks. Get tips on how to write secure SQL database code in this expert response. Ask the Expert
Should security tests be part of a software quality assurance program?

Application security expert Michael Cobb reviews the essentials of any software quality assurance process. Ask the Expert
Does an EULA make it truly illegal to decompile software?

Michael Cobb explores a legal minefield: the legality of software decompilation. Ask the Expert

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites