-
Researchers aim to smarten Web application security scanners
Adding the "human element" to scanners could help pen testers evaluate a larger portion of an application's attack surface, according to two researchers at SOURCE Boston 2010. Article | 22 Apr 2010
-
Metasploit creator sees no end to software security vulnerability issues
Metasploit creator and vulnerability expert H.D. Moore says secure coders are doing a better job creating applications with fewer bugs, but an ever-increasing number of applications leaves no shortage of new software vulnerabilities. In... Interview | 13 Apr 2010
-
Secure software development lifecycle still lacking at dev firms
Survey finds more firms adding security into the software development lifecycle, but many still fail to use a formal methodology. Article | 12 Apr 2010
-
Google researchers out kernel bugs in Windows, Linux and VMware
Google engineers find 20 kernel flaws, half of which are still not patched. Article | 31 Mar 2010
-
Static analysis tools boost security, but integration still an issue
Code analysis tools are available and help improve security, but why do some firms shun them? Article | 22 Mar 2010
-
Secure software development is difficult, but tools, techniques improving, expert says
The SANS Institute and MITRE Corp. issued an update to the CWE/SANS Top 25 Programming Errors List last week, focusing on mitigation techniques that could be adopted into the security development lifecycle to he... Interview | 22 Feb 2010
-
SANS Institute, MITRE release new top 25 dangerous coding errors list
The latest list adds profiles to help organizations tailor the list to their needs and mitigation techniques to help software developers apply better practices to the SDL. Article | 16 Feb 2010
-
Microsoft extends SDL program, adds Agile development template
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced. Article | 02 Feb 2010
-
Malware in Google attacks uses spaghetti code
Coding technique designed to tie up reverse engineers has been used in the past, Symantec says. News | 26 Jan 2010
-
Self-defending Web applications thwart attacks
Michael Coates, a volunteer with OWASP, is leading a project that helps developers inject code into applications to give them self-defense mechanisms. News | 14 Jan 2010