Eye On: Secure Software Development

• Security pros find software code security improvements, weigh next step
  Secure coding practices are improving at many software vendors, fueled by an increased emphasis on secure coding frameworks, training and new processes.

• Organizational issues can trip up software remediation
  Running an application security program requires more than a solid budget. It needs a person with deep knowledge of the organization and its engineering processes.

SearchSecurity.com's new "Eye On" series examines a security topic each month. In April, the series explores software security and the technologies and methodologies available to reduce vulnerabilities and improve software development processes.

• Software code analysis firm gives security vendors poor marks
  The latest study of application code by Veracode found many applications submitted by software makers are of “unacceptable security quality.”

• Reviewing applications for security: Code review best practices
  Developing secure application code isn’t easy. David Jacobs outlines best practices for keeping customers’ applications secure.

• Cloud application security issues and considerations
  Companies moving legacy applications to a cloud environment need to account for a different threat model, loss of control.

• Preventing and detecting security vulnerabilities in Web applications
  Web applications are often developed quickly with little thought to security. Expert Richard Brain explains how to detect common Web application flaws.

• Secure SDLC best practices
  While focus on technicalities is a given during the SDLC, this tip explains how to secure the SDLC, from the analysis phase right through to deployment.

MULTIMEDIA:
Marcus Ranum: The consequences of poor software design

Marcus Ranum discusses the consequences of poor software design and what can be done to ensure this does not happen in the future.

• Podcast: David Ladd on the Microsoft SDL
  David Ladd of Microsoft’s software security engineering team talks about the SDL and how it can be applied to improve the security of your software development processes.

• Podcast: Chris Wysopal on software security and threat modeling
  Chris Wysopal, co-founder and CTO of Veracode talks about the evolution of secure software development and the road ahead. Wysopal says threat modeling is the next step.

• Video: Secure software development: Getting started
  Chris Eng, senior security researcher at Veracode Inc., explains how firms can get started improving their software development processes.