Tag Archives: software assurance

Outsourcing, Cost Cutting and the Boeing 737 Max Debacle

– When we thought that Boeing had come up with ways to mitigate the risks that resulted in two major air crashes, we learn that Boeing has been outsourcing their software development to Indian companies that hired newbie temporary programmers for as little as $9 per hour, as described in a June 28,…

Encryption and the Dark Side

– The saga continues … as it should and will. A front page article appeared in the May 17, 2016 issue of The New York Times, by Paul Mozur and Jane Perlez, with the title “Chinese Panel Quietly Grills Silicon Valley: Apple and Others Face Security Checks.” It describes the retaliation that was…

Software Assurance (SwA) and the Department of Defense (DoD)

– On December 16, 2013 the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) issued a Request for Information (RFI) with the title “Software Assurance,” which can be found on the FedBizOpps website at:…

So-so SASO … So What?

– A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…

The Quest for Secure and Resilient Software

– Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…