Channel: Trusted Software Alliance
Browsing all 130 articles

10 Steps to Transform Application Security

Recently Darryl Taft at eWeek released a slide deck based upon Mark Troester’s article, “Application security needs to be redefined to stay relevant”. …Continue reading »

Gary McGraw – Security and the Complexity of Today’s Software

“Security defects come in two flavors; bugs in the implementation and flaws in the design. We’re paying quite a bit …Continue reading »

51% of security managers believe their applications have vulnerabilities...

A recent study by Quotium highlighted some interesting findings as they researched application security from a security manager’s point of view. …Continue reading »

Three Pillars: Devs, Security and Ops

Nimmy Reichenberg recently wrote an article on SecurityWeek describing the “Three C’s” of team based application development: Collaboration, Communication and …Continue reading »

Jim Routh – Software Design and Remediation – Part 01

“Design is the most neglected aspect of software security.” — Jim Routh In this 50 in 50 Interview with Jim …Continue reading »

Jim Routh – Components and Reusability – Part 02

“90% of development today uses a lego block construction technique of taking parts and assembling the parts in a way …Continue reading »

John Keane – The Software Angel of Death

“You can have great policy, you can have great DOD directives and DOD instructions, but if it’s not in enforceable …Continue reading »

Joe Jarzombek – Security is not just about Software

“Some of the common weaknesses are not at the code level. Over 2/3 are at the code level, but the …Continue reading »

Jack Mannino – Build Security into Mobile

“Enterprise security has actually become dependant upon how we can identify people at the mobile layer.” — Jack Mannino When …Continue reading »

Steve Lipner – The Security Development Lifecycle at Microsoft

“I think we have a long way to go to get the broad understanding of what security really means in …Continue reading »

Simon Bennetts – The OWASP Web Applications Vulnerability Project

In this morning’s news I saw a reference to a project on OWASP that documents the vulnerabilities in web applications …Continue reading »

John Steven – Measuring the Cost of Application Security

“If you take the big, monolithic testing effort you currently have at the end, and you push it towards the …Continue reading »

Threat Intelligence and Software Security: Opportunities for Improvement?

I am attending the AppSecUSA Conference in New York in November as a moderator for the panel on “Threat Intelligence …Continue reading »

The Real Cost of Waiting (to fix software vulnerabilities)

One of my pet peeves is that everyone is talking about how much you can save by moving security into …Continue reading »

Curtis Yanko – Methodologies for Measuring the Cost of Software Defects

“There are ways through automation, design and testing techniques where we can take what is traditionally a three to six …Continue reading »

AppSec USA 2013, New York City – What to Expect

Next week I’ll be in New York City at AppSec USA 2013 to moderate two panel discussions and interview a …Continue reading »

Wait, wait… don’t pwn me! – Game show on security news

At AppSec USA in New York City this week, I had a fun time acting as host and moderator for …Continue reading »

Wait wait… don’t pwn me! – Full recording from AppSec USA 2013

On today’s segment, we’re going to take a different approach from our normal format. I was at the AppSec USA …Continue reading »

AppSec USA 2013 – OWASP Panel on Using Components with Known Vulnerabilities...

Last week at AppSec USA in New York City (November 20, 2013), I moderated a panel with Jeff Williams and …Continue reading »

The Purpose of OWASP, an Interview with Co-Founder Dennis Groves

Many people in the OWASP Community don’t know Dennis Groves… and that’s a surprise since he is one of the …Continue reading »
