Access your Pro+ Content below.
Application security policy after Heartbleed
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of third-party libraries and components in projects. How do security teams go about documenting code to ensure it's up-to-date, patched and still secure? How can information security professionals enforce development best practices and compliance with application security policy across the enterprise? Michael Cobb looks at the risks of open source software and how to manage them, in this month's cover story. Robert Richardson also writes about the dangers of open source software and explains why he thinks community-driven audits such as the TrueCrypt project are a great place to start, but may not go far enough. The state of encryption and how key management may present a barrier to wider adoption is explored by technology journalist Rob Lemos.
Access this PRO+ Content for Free!
Features in this issue
Worried about the stability of your software security? Lower your risk by rewriting policy and procedures for development with open source and third-party components.
This Beyond the Page feature explores some new tools for security pros to vet open source libraries and manage security vulnerabilities.
Encryption deployment can reduce the impact of a security breach. But the complexity of key management prevents some companies from wider adoption.
As networking technologies move onto the factory floor, security executives bridge the gap between IT and industrial network security.
Columns in this issue
Fears of backdoors and heightened concerns about encryption software are running rampant.
A Fortune 500 veteran chats with Marcus Ranum about her management career and what it takes to reach the top of the security pyramid.
Open source needs some sort of body that promotes secure architectural design and coding, says Robert Richardson.