Tag Archives: Software Assurance Initiative

So-so SASO … So What?

September 26, 2011 – 6:00 am – A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…
By | Posted in CSO/CISO Perspectives, Risk Analysis, software engineering | Also tagged , , , , , , , , , , , , , | Comments (0)

Old Mother Hubbard and “Building Data Collection In”

November 22, 2010 – 6:00 am – Recently I listened to the webcast of a conference on the security-related data needs of researchers and how, if companies would only share the data, which they supposedly have, the academics would be in research heaven. As I listened, I couldn’t help thinking of the English nursery rhyme…
By | Posted in General, Security Metrics, Technical | Also tagged , , , , , , | Comments (0)