Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: application security

Application Security – Where It’s At

– Some time ago, I was planning to write about my participation last year in a conference and a workshop on application security and software assurance, respectively. One was the annual OWASP (Open Web Application Security Project) Conference in New York and the other was a workshop on the business…

Bill Gates, Facebook and Privacy Controls

– While in India this week, Bill Gates made the following comment: He admitted that he once had a Facebook page, but every day “ten thousand people tried to be my friend.” He said he spent too much time trying to decide “Do I know them? Don’t I know them?” Ultimately, he said, “I had to…

BSIMM – Top Ten Surprises

– In a prior column, I described the results of a survey conducted by Gary McGraw, Sammy Migues and Brian Chess, published in the BSIMM (Build Security In Maturity Model) report available at http://bsi-mm.com/. Most of the results are intuitively obvious … after the fact, that is. But some…

BSIMM – A Giant Step for Application Security

– There’s a new acronym in town – BSIMM. It’s not BSIMM the rapper out of Louisville, Kentucky. But it is BSI-MM, which is how it is depicted in the website from which you can download the 50-page report, namely http://bsi-mm.com/. The BSIMM in question stands for “Building…

The OCC and Application Security: Vindication at Last

– On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…