OWASP Security Spending Benchmarks Project

Home
Topics
Topics Archive
Security Resources
OWASP Security Spending Benchmarks Project

OWASP Security Spending Benchmarks Project

OWASP Security Spending Benchmarks Project

Date: Mar 27, 2009

An ongoing OWASP project investigates company spending on software development. Boaz Gelbord, executive director of information security at Wireless Generation Inc., organized the report with Jeremiah Grossman, chief technology officer of WhiteHat Security Inc. In this video, Gelbord explains some of the survey findings. A majority of companies surveyed are getting an independent third-party security review of software code, Gelbord said. He was interviewed at SecureWorld Boston Expo 2009 by SearchSecurity.com News Editor, Robert Westervelt.

More on Security Resources

Adobe: Increasing transparency and the secure product lifecycle
VIDEO - Brad Arkin discusses why Adobe created his role, how it engages the security research community and how Adobe has learned that talking about security isn't a bad thing.
201 CMR 17 compliance: What you need to know
VIDEO - The new Massachusetts data protection law, 201 CMR 17, is known as one of the most stringent laws of its kind. In this interview, David Navetta of the Information Law Group discusses how enterprises should approach compliance with this law.
Attending a TechTarget Event?
Custom - Thank you for your interest in TechTarget events. If you've attended one of our shows, you may be eligible to receive CPE credits. To find out how to claim your credits, please read the rules and regulations below.
How You Can Earn CPE Credits
Custom - Thank you for your interest in our digital edition of Information Security Magazine. All readers of Information Security Magazine who are (ISC)² members qualify to receive Continuing Professional Education (CPE) credits. For more information on how to claim your CPE credits, please read the rules and regulations below.
Coming in Storage magazine's February 2011 issue
Magazine - A sneak peek at Storage magazine's next issue.
differential power analysis (DPA)
Definition - A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.
New Adobe Reader X fortifies PDF viewer against attacks
News - Adobe Reader X uses Microsoft's sandboxing technology to block potentially dangerous processes from executing beyond the confines of the software.
( Nov 23, 2010 )

More from Related TechTarget Sites

Security Channel
Cloud Security
SMB Security
Financial Security
Security UK
Security AU
Security IN

Security Channel
- Survey results: VARs report customers’ IT spending 2012 expectations
  
  VARs expect customers to increase spending on security more than any other IT area in 2012. See which security segments will grow the most.
- Create a computer security blog to attract and retain customers
  
  Blogging can produce new leads for security solution providers. Focus on content in your computer security blog that connects with customers.
- Penetration testing tutorial: Guidance for effective pen tests
  
  This penetration testing tutorial contains essential tips to help solution providers uncover vulnerabilities in clients’ networks.
Cloud Security
- Are cloud providers HIPAA business associates?
  
  Deciding whether your cloud provider is a business associate comes down to a judgment call based on the type of cloud usage.
- SaaS security: Weighing SaaS encryption options
  
  A look at SaaS encryption techniques and challenges.
- Panel debates cloud computing governance issues
  
  Problems with data governance in the cloud aren’t much different than traditional outsourcing.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
searchFinancialSecurity
- Web application threats: What you really need to know
  
  In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.
- Ramnit worm variant now dangerous banking malware
  
  The Ramnit worm now supports man-in-the-middle attacks, giving cybercriminals the ability to drain a victim’s bank account.
- SIEM vendors make the case for extending SIEM product capabilities
  
  Advanced features can reduce the threat of wire fraud. New rule sets can be shared among banks and credit unions.
Security UK
- Survey: Types of DDoS attacks on the rise due to hacktivist groups
  
  New DDoS statistics suggest hactivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet.
- Web application vulnerability statistics show security losing ground
  
  New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks.
- Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
  
  Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6.
searchSecurityAU
- AISA launches new website
  
  With a reinvigorated look and feel, improved back-end infrastructure, and regularly updated information about the association the Australian Information Security Association website has been re-launched for the benefit of its members and the Australian IT Security industry.
- Cisco hardening guides for IOS, IOS-XR and NX-OS devices
  
  Patching routing and switching infrastructure in any organisation is often delayed, sometimes due to the potential impact on production systems and sometimes because the IT resources are simply too busy fighting fires.
- Cloud providers and data sovereignty issues
  
  Australian cloud provider Ninefold warn that understanding who has legal access to company and personal private data is not as simple as checking a box and selecting the 'in-country' option.
Information Security
- IDFC’s information security awareness week tastes success with ‘Mr Gobo’
  
  Financial major IDFC set out to craft its information security awareness initiative with a portal that led users via a ‘Mafia don’s den’. Step in for more.
- Longstanding security problems plague enterprises, Trustwave finds
  
  While organizations focus on mobile security and other emerging threats, an analysis of more than 2,000 penetration tests conducted by Trustwave found older threats often overlooked.
- Backtrack 5 PDF tutorial compendium: A pen-tester’s ready reckoner
  
  Our BackTrack 5 PDF tutorials collection will help you hone your edge, whether you are a security professional or an enthusiast. Best yet, they are free!

All Rights Reserved, Copyright 2000 - 2012, TechTarget