Tag Archives: SDLC

Outsourcing, Cost Cutting and the Boeing 737 Max Debacle

August 12, 2019 – 6:00 am – When we thought that Boeing had come up with ways to mitigate the risks that resulted in two major air crashes, we learn that Boeing has been outsourcing their software development to Indian companies that hired newbie temporary programmers for as little as $9 per hour, as described in a June 28,…
By | Posted in Cyber-Physical Systems, General, software engineering | Also tagged , , , , , | Comments (1)

The Quest for Secure and Resilient Software

July 19, 2010 – 6:00 am – Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…
By | Posted in CSO/CISO Perspectives, Security Metrics, Technical | Also tagged , , , , , , , , , | Comments (0)

BSIMM – Top Ten Surprises

May 26, 2009 – 6:00 am – In a prior column, I described the results of a survey conducted by Gary McGraw, Sammy Migues and Brian Chess published in the BSIMM (Build Security In Maturity Model) report available at http://bsi-mm.com/   Most of the results are intuitively obvious … after the fact, that is. But some…
By | Posted in Auditing, General, Security Metrics | Also tagged , , , , , , , | Comments (0)

The OCC and Application Security: Vindication at Last

June 17, 2008 – 6:00 am – On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…
By | Posted in CSO/CISO Perspectives | Also tagged , , , , , , | Comments (0)