-
Java sandboxing could thwart attacks, but design may be impossible
Basic Java sandboxing has been around since 1995, but flaws in the Java virtual machine are highly targeted. Experts are calling on Oracle to do more. News | 29 Aug 2012
-
Black Hat 2012: Dan Kaminsky tackles secure software development
Security researcher Dan Kaminsky’s annual "black ops" talk at Black Hat 2012 focused on improving secure software development with better code. News | 25 Jul 2012
-
Chris Wysopal: Web application vulnerabilities an easy target
Despite a decline in SQL injection errors over the last two years, attackers continue to find Web application flaws as easy targets, says Chris Wysopal of Veracode Inc. News | 25 Jun 2012
-
Gartner: Web app firewalls can support secure application development
Web app firewalls can’t erase the need for secure application development, but Gartner says WAF patching may have a growing role in the enterprise. News | 20 Jun 2012
-
Wysopal on application security training, program gaps
Application security expert Chris Wysopal of Veracode explains why some software security programs are lacking and how simple steps can produce big gains. News | 21 May 2012
-
Steve Lipner on the Microsoft SDL, critical infrastructure protection
Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection. News | 16 May 2012
-
Reverse engineering tools for mobile apps emerging, expert says
Reverse engineering mobile apps helps pen testers find weaknesses and hidden malware, but the various mobile platforms and different versions make automation difficult, according to one expert. News | 27 Apr 2012
-
Spam filter gets better of Microsoft SDL—almost
Two program managers at SOURCE Boston shared how a serious vulnerability reported to the MSRC fell into a spam filter and caused an out-of-band patch. News | 24 Apr 2012
-
HP study finds widespread custom Web application flaws
A review of hundreds of unique custom Web applications found more than half are vulnerable to cross-site scripting and more than 86% contain injection flaws. News | 18 Apr 2012
-
Hunting for application logic flaws requires people, expert says
Rafal Los, a software security expert and consultant with Hewlett Packard, says humans far outgun automated tools in the hunt for costly application logic flaws. News | 10 Apr 2012