Blog Posts Tagged with "SSA"
Effective Software Security Starts and Ends with Requirements
October 28, 2011 Added by:Rafal Los
Threat modeling software is a delicate art, and often mis-understood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...
Comments (0)
Software Security Assurance - Getting the Formula Right
August 27, 2011 Added by:Rafal Los
Security professionals need to ensure that we're doing what's right for the developers who will be building more secure software, rather than us security professionals who are adept at bolting on security bits. That's the big revelation here, but of course, only if you believe me...
Comments (0)
Business Relevant Infosec - The Top and Bottom Lines
July 24, 2011 Added by:Rafal Los
Security isn't somehow disconnected from the business... it's part of the business. When we fail to see that, to acknowledge that, then we lose - and by we I mean the entire community, the organization and you too...
Comments (0)
Wizard-Driven Software Security Testing
July 06, 2011 Added by:Rafal Los
The technology available today for testing your applications is quite complex, but many folks simply want to push the "magic security button" and get fast, accurate results. That's simply impossible, but the requirements continue to demonstrate this want. So what do we do?
Comments (0)
Thoughts on Software Security Assurance from a Like Mind
June 10, 2011 Added by:Rafal Los
Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...
Comments (0)
The Most Important Security Question Ever Asked
June 01, 2011 Added by:Rafal Los
I've been learning a lot lately from one of my senior colleagues who's been doing this software security assurance thing much longer than I have, and the more time I spend with him the more I understand that it all comes down to one very simple question: Why?
Comments (5)
Prescriptive Software Security Assurance for SMBs
May 25, 2011 Added by:Rafal Los
Can you handle the work it would take to ratchet up security on your applications? If you've got more than a dozen applications with more then 5 in the pipeline, you can figure on a single non-dedicated resource being able to handle one application security test per week, tops...
Comments (0)
Securing Applications at High Velocity
May 11, 2011 Added by:Rafal Los
While the blistering speed of application development and deployment may enable the business to be more agile and responsive to the changing business climate than ever, it creates unparalleled challenges for anyone with security as part of their job description...
Comments (0)
Data Breach Overload is Killing SSA
April 19, 2011 Added by:Rafal Los
Money and technology alone won't bring us secure software or applications. Many times the idea of spending a large chunk of money on tools alone sounds appealing because someone selling you something says that you should - but I'd like to urge caution...
Comments (0)
Software Security Assurance in a "One Man Show"
April 15, 2011 Added by:Rafal Los
Down-scaling an enterprise security challenge into a smaller fit is more of a challenge than you'd think, because it's just too easy to say 'outsource it all'... but how does that actually help an organization write more secure software? The answer is that it doesn't...
Comments (0)
Paying for Risk: The Hidden Dangers of Software Acquisition
April 02, 2011 Added by:Rafal Los
Many organizations forego a Software Security Assurance (SSA) program simply because they don't develop their own software and so are missing the risks of the software or applications they are purchasing - don't get caught with this type of risk...
Comments (0)
Software Security: Just What is the Meaning of Mature?
March 22, 2011 Added by:Rafal Los
When an organization's SSA Program is mature, they've minimized their spending (thus maximizing their efficiency), they're impacting their business in a minimal way, and have decreased latent IT-based risk to their business applications to an acceptable level...
Comments (0)
Four Components of a Successful SSA Program
February 15, 2011 Added by:Rafal Los
Process can be outlined in documentation and stored on a network share or published in a booklet on everyone's desktop. Process can be a workflow-driven project management system that requires a security-infused approach from requirements gathering all the way through post-release...
Comments (0)
Avoiding the Top 3 Application Security Mistakes
January 26, 2011 Added by:Rafal Los
You cannot reasonably expect to take application security analysis results and hurl them over the proverbial wall into the developer's world and expect something magical to happen. It won't. 9 out of 10 times the mass of bits you just sent over will be ignored, or worse, misunderstood...
Comments (0)
Why Application Security Programs Fail
January 23, 2011 Added by:Rafal Los
Having clearly-defined and attainable goals of your Software Security Assurance program is more important than almost anything else. While there are many subtleties to building goals in any organization, without them being clearly defined and reachable you cannot expect anything else but failure...
Comments (0)
2010 - A Quick Look Back to Look Forward
December 29, 2010 Added by:Rafal Los
So looking back on 2010 and where our footprints in the sand have led us to so far, I can't help but feel like we've been walking around in circles, talking about the same security issues over and over again but only changing up the words to make it look more appealing and calling it new...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!