BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

Five key trends jolting software security in 2013

Column: Gary McGraw says five shifts in the IT landscape are affecting software security, but several BSIMM best practices can limit risk exposure.
Why can't I just ignore internal app security threats?

Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.
How many revisions make for good code review?

Expert Michael Cobb details how to argue for a multistep secure code review process like the Microsoft SDL, and the pros of secure coding practices.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

New skills for the QA tester: Scripting, security

Software quality assurance is gaining respect as a profession -- but do QA testers have the scripting and security skills the role now requires? Quality Time | 17 May 2013
Deploying DLP technology requires hands-on approach, experts say

Preventing data loss incidents involves sound policy, knowledge of the threat landscape and constant vigilance over your DLP system, experts say. News | 11 Dec 2012
Twelve common software security activities to lift your program

Software security expert Gary McGraw explains the processes commonly found in highly successful software security programs. Opinion | 07 Dec 2012
Enterprises at core of vendor software security testing, Veracode finds

Less than one in five enterprises have requested code-level security tests from at least one vendor, but the volume of assessments is growing. News | 13 Nov 2012
Gary McGraw: Proactive defense prudent alternative to cyberwarfare

Software security expert Gary McGraw explains that the U.S. should build proactive defense capabilities rather than pour billions into cyberweapons. News | 01 Nov 2012
Web app design at the core of coding weaknesses, attacks, says expert

When addressing Web application threats and vulnerabilities, security teams need to look out for design flaws, says Mike Shema of Qualys, Inc. News | 16 Oct 2012
Ten commandments for software security

Software security expert Gary McGraw provides actionable guidance based on analysis of dozens of software security firms. Opinion | 04 Oct 2012
Firms failing at mobile application development security, study finds

Security is failing to gain a priority in the rush to build and test mobile applications, according to a study by Capgemini. News | 19 Sep 2012
Little being done to prevent Web application threats, analysts say

Vulnerabilities in HTML 5 make it an emerging threat; however, SQL injection and XSS remain among the top attacks. News | 19 Sep 2012
BSIMM study expands scope, identifies new software security activities

BSIMM4 found some firms actively scanning for malicious code from rogue developers. Crisis simulation scenarios improve product security response. News | 17 Sep 2012

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites