Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: SDLC

The Quest for Secure and Resilient Software

July 19, 2010 – 6:00 am – Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…
By C. Warren Axelrod | Posted in CSO/CISO Perspectives, Security Metrics, Technical | Also tagged , , , , , , , , , | Comments (0)

BSIMM – Top Ten Surprises

May 26, 2009 – 6:00 am – In a prior column, I described the results of a survey conducted by Gary McGraw, Sammy Migues and Brian Chess published in the BSIMM (Build Security In Maturity Model) report available at http://bsi-mm.com/   Most of the results are intuitively obvious … after the fact, that is. But some…
By C. Warren Axelrod | Posted in Auditing, General, Security Metrics | Also tagged , , , , , , , | Comments (0)

The OCC and Application Security: Vindication at Last

June 17, 2008 – 6:00 am – On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…
By C. Warren Axelrod | Posted in CSO/CISO Perspectives | Also tagged , , , , , , | Comments (0)