Application Security | BlogInfoSec.com

Tag Archives: application security

The (Sorry) State of Application Security

April 30, 2012 – 6:00 am – In January 2011, research firm Forrester Consulting published a report, which was commissioned by Microsoft, with the title “State of Application Security: Immature Practices Fuel Inefficiencies, But Positive ROI Is Attainable.” The report is available for download at…

By C. Warren Axelrod | Posted in CSO/CISO Perspectives, Risk Analysis, software engineering | Also tagged Forrester Consulting, microsoft, open source software, performance metrics, secure software system development lifecycle, spotlight | Comments (1)

So-so SASO … So What?

September 26, 2011 – 6:00 am – A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…

By C. Warren Axelrod | Posted in CSO/CISO Perspectives, Risk Analysis, software engineering | Also tagged BITS, Chris Wysopal, Department of Homeland Security, FSTC, ISV, Mary Ann Davidson, SAI, SASO, SAST, software assurance, Software Assurance Initiative, spotlight, SwAMP, Veracode | Comments (0)

Application Security and Quantum Mechanics

May 17, 2011 – 6:00 am – It’s funny how analogies pop up in the strangest of places. There is an “Annals of Science” article by Rivka Galchen in The New Yorker of May 2, 2011 about physicist David Deutsch with the title “Dream Machine: The mind-expanding world of quantum computing.” It describes the weird…

By C. Warren Axelrod | Posted in CSO/CISO Perspectives, software engineering | Also tagged cloud computing, platform security, quantum computing, SDL, spotlight, System Development Lifecycle | Comments (0)

Nastiness at NASDAQ

March 7, 2011 – 6:00 am – Did you catch the article in the February 5, 2010 Wall Street Journal about hacker intrusions at NASDAQ? It is by Devlin Barrett and has the title “Hackers Penetrate Nasdaq Computers.” It is believed that the initial penetration of NASDAQ’s networks and systems dates back to 2010. And it…

By C. Warren Axelrod | Posted in CSO/CISO Perspectives, Cybercrime | Also tagged ChoicePoint, Devlin Barrett, hackers, Heartland Payment Systems, logging, monitoring, RSA, SIEM, spotlight | Comments (0)

Are We Busy Doing Nothing?

January 3, 2011 – 6:00 am – You must read the hair-raising article by Greg Shipley in the October 11, 2010 issue of InformationWeek titled “Epic Fail.” The article is featured on the cover of the magazine with the words “The Wrong Protection: We’ve spent billions on security products, so why are we so ill-prepared…

By C. Warren Axelrod | Posted in CSO/CISO Perspectives, General, Privacy | Also tagged Enterprise Information Security and Privacy, Greg Shipley, historical analysis, security tools, spotlight | Comments (0)

BlogInfoSec.com

Search

Tag Archives: application security

The (Sorry) State of Application Security

So-so SASO … So What?

Nastiness at NASDAQ

Are We Busy Doing Nothing?

BlogInfoSec.com Sponsors

BlogInfoSec.com Partners

Qualified Writer?

Subscribe to Our Newsletter:

Authors

Categories

Recent Comments