-
-
-
BlogInfoSec.com Sponsors
-
BlogInfoSec.com Partners
Tag Archives: software assurance
So-so SASO … So What?
September 26, 2011 – 6:00 am
–
A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…
The Quest for Secure and Resilient Software
July 19, 2010 – 6:00 am
–
Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…
Insider Threat – Not Knowing That You Don’t Know What You Don’t Know
May 10, 2010 – 6:00 am
–
In my column “All the Way from RSA,” posted on April 5, 2010, I refer to the article “France Got Stolen HSBC Data” by Deborah Ball and David Gauthier-Villars in the Money and Investing section of The Wall Street Journal published on March 12, 2010. Not only does this appear to be a case of…
Negative Testing Revisited – Vehicle Control Systems (Part 1)
February 16, 2010 – 6:00 am
–
In my January 11, 2010 column “Security Testing’s Missing Link and the Revelation of Drone Images,” I recounted the episode of the interception by terrorists of the transmission of video images from drones. I attributed much of the issue to a lack of negative testing, that is, testing for…
Application Security – Where It’s At
November 10, 2009 – 6:00 am
–
Some time ago, I was planning to write about my participation last year in a conference and a workshop on application security and software assurance respectively. One was the annual OWASP (Open Web Application Security Project) Conference in New York and the other was a workshop on the business…
