Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: software assurance

Software Assurance (SwA) and the Department of Defense (DoD)

– On December 16, 2013 the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) issued a Request for Information (RFI) with the title “Software Assurance,” which can be found on the FedBizOpps website at:…

So-so SASO … So What?

– A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…

The Quest for Secure and Resilient Software

– Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…

Insider Threat – Not Knowing That You Don’t Know What You Don’t Know

– In my column “All the Way from RSA,” posted on April 5, 2010, I refer to the article “France Got Stolen HSBC Data” by Deborah Ball and David Gauthier-Villars in the Money and Investing section of The Wall Street Journal published on March 12, 2010. Not only does this appear to be a case of…

Negative Testing Revisited – Vehicle Control Systems (Part 1)

– In my January 11, 2010 column “Security Testing’s Missing Link and the Revelation of Drone Images,” I recounted the episode of the interception by terrorists of the transmission of video images from drones. I attributed much of the issue to a lack of negative testing, that is, testing for…