Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: SDLC

The Quest for Secure and Resilient Software

– Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…

BSIMM – Top Ten Surprises

– In a prior column, I described the results of a survey conducted by Gary McGraw, Sammy Migues and Brian Chess published in the BSIMM (Build Security In Maturity Model) report available at http://bsi-mm.com/   Most of the results are intuitively obvious … after the fact, that is. But some…

The OCC and Application Security: Vindication at Last

– On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…