Risk assessments metrics and frameworks

  • November 03, 2006

    Review: SPI Dynamics' WebInspect 6.1

    SPI Dynamics has created a powerful tool for novices as well as advanced users who will appreciate the time and effort it saves.

  • October 13, 2006

    Security Blog Log: Taking Google Code Search for a spin

    This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security.

  • October 11, 2006

    Code-scanning tool automates software review at financial firm

    An investment advisory company uses Fortify's Source Code Analysis code-scanning tool to help catch flaws and enhance its security in-depth approach.

  • October 11, 2006

    Google Code Search gives security experts a sinking feeling

    The new search tool from Google can help developers find useful code examples. But security experts worry that it also will make attackers' jobs that much easier.

  • September 21, 2006

    CISOs and the false sense of security

    As many of our regular readers know, Ira Winkler is not a big fan of the way most research firms gather and present information – and he's not shy about hammering the point home. This time around, Winkler says a recent survey touching on the ...

  • August 28, 2006

    Third-party patching: Prudent or perilous?

    Security patches issued by third parties have become more prevalent in recent months, and while some security pros endorse them, others say they're more trouble than they're worth.

  • August 16, 2006

    August patch management woes strike again

    With security authorities warning of a big potential attack against the latest Windows flaws, IT pros have several theories on why the month of August is always so much trouble.

  • August 07, 2006

    VA desktop PC stolen, 36,000 could be at risk

    Update: The incident marks the second time in less than three months that a VA device with sensitive information has been compromised. One expert blames the systematic problem of too much internal trust.

  • August 04, 2006

    Vendors reject preferential knowledge sharing

    While Cisco continues to investigate a potential PIX firewall flaw, it and other vendors say sharing security information quickly and indiscriminately is always the best policy.

  • August 02, 2006

    Brief: Moore releases flaw-finding tool

    On the eve of Black Hat, Metasploit Project founder H.D. Moore has released a new tool for finding vulnerabilities in Internet Explorer ActiveX controls, and an updated version of the Metasploit Framework.

  • June 20, 2006

    Total security is just an illusion

    When it comes to buying and implementing security systems, experts say CIOs must surrender the notion they can foresee and prevent all threats.

  • June 02, 2006

    Security Blog Log: The bright side of the VA data theft

    Is there a silver lining in the cloud that hangs over millions of veterans whose data was recently compromised? Some security bloggers think so.

  • May 31, 2006

    Security Bytes: Symantec fixes software flaw

    Meanwhile: Microsoft prepares to roll out OneCare Live, McAfee hopes Falcon will soar and malicious email poses as a Microsoft security notice.

  • May 16, 2006

    Survey: Women more likely to download spyware

    Women may download spyware more often, but men are more likely to surf risky Web sites on company time, according to new survey results.

  • May 02, 2006

    Wacky Web misuses highlight internal risks

    One vendor says selling corporate assets on eBay, spying on coworkers and running illegal gambling rings are just a few examples of the crazy stunts employees will try when given unchecked use of the Web at work.