BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

Five key trends jolting software security in 2013

Column: Gary McGraw says five shifts in the IT landscape are affecting software security, but several BSIMM best practices can limit risk exposure.
Why can't I just ignore internal app security threats?

Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.
How many revisions make for good code review?

Expert Michael Cobb details how to argue for a multistep secure code review process like the Microsoft SDL, and the pros of secure coding practices.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Security issues found in the Spring Framework

Ounce Labs recently discovered two security vulnerabilities that can affect Java Web applications that use the Spring Framework. News | 16 Jul 2008
Software still plagued with security holes, researcher says

In this podcast, noted security researcher Greg Hoglund, who specializes in Windows rootkits and secure coding, explains why software is just as vulnerable today as it was in 1999. Article | 30 Jun 2008
Microsoft tools won't be quick fix for SQL injection attacks

Microsoft's security advisory will help raise awareness about secure software coding, but it won't stop the onslaught of SQL injection attacks, experts say. Article | 25 Jun 2008
Gary McGraw on secure software development

In this video, Gary McGraw of Cigital Inc. explains why better secure coding could help thwart future Web 2.0 attacks. He says the industry is making progress. Article | 06 Jun 2008
HP aims at IBM with application vulnerability scanning as service

HP offers application scanning as a service to meet IBM's Watchfire AppScan OnDemand software. Interest is being driven by the growing use of Web applications. Article | 29 May 2008
New hacking technique exploits common NULL programming error

A researcher has discovered a new hacking technique that exploits a programming vulnerability common in many applications. Article | 21 Apr 2008
Application hardening tools help repel software pirates

Application hardening vendors can make life difficult for software pirates, forcing them to turn to more profitable, low-hanging fruit. Article | 20 Mar 2008
Former @stake researchers rekindle past, discuss Symantec spin-off

Dennis Fisher talks to early members of @stake about its history, culture and the company's continued influence on the security industry. Interview | 29 Jan 2008
Federal aid helps uncover open source flaws

A joint project with security vendor Coverity Inc. uncovered flaws in 11 open source projects, including Perl, PHP, Python, Samba and TCL. Article | 10 Jan 2008
Group releases Java standards for secure development

The Secure Programming Council is releasing a set of essential skills for Java developers in an effort to improve software security and educate new programmers. Article | 20 Nov 2007

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites