Governance is centered on the processes and activities related to how an organization manages overall software development activities. More specifically, this includes concerns that cross-cut groups involved in development as well as processes that are established at the organization level.

Construction concerns the processes and activities related to how an organization defines goals and creates software within development projects. In general, this includes product management, requirements gathering, high-level architecture specification, detailed design, and implementation.

Verification is focused on the processes and activities related to how an organization checks and tests artifacts produced throughout software development. This typically includes quality assurance work such as testing, but it can also include other review and evaluation activities.

Security – Not just for Networks!
Criminals are targeting software.
Hackers know that you have firewalls, so hacking the network is not convenient.
Instead, hackers are targeting a new way to ‘hack’ into your systems: through applications.

Why Applications?
People are using software in every part of their lives!
 
The Business Impact
The ramifications of insecure software go beyond mere technology issues; there is also a definite business impact.
Not having secure software can lead to:
  • Financial loss
  • Bad publicity
  • Investigations and litigation
  • Liability (personal and corporate)
  • Reputation damage
  • Loss of brand, confidence and trust among customers, partners, shareholders and stakeholders

 
What is the answer?
The success of a software assurance program within an organization is directly proportional to the support of executive management.
Security has to be ensured throughout the entire lifecycle.
All stakeholders in the software development process must be aware of common security tenets and threats.

Building secure software is a result of all the stakeholders having the appropriate levels of participation, and a security mindset in the design, development, and deployment of the software.

Stakeholders must be educated in how to build security within every phase of the lifecycle.

source: CSSLP white paper

Blackhat 2012 EUROPE - Apple vs. Google Client Platforms
We will discuss the two different ...

Blackhat 2012 Europe - HTML5 Top 10 Threats: Stealth Attacks and Silent Exploits
HTML5 is an ...

28c3 - Apple vs. Google Client Platforms
We will discuss the two different approaches Apple ...

Project Finds, Purges Vulnerable Code Snippets From The Net - Dark Reading
Among the organizations in ...

Now available: Microsoft SDL Process Guidance updates – version 5.2
Jeremy Dallman here to let you know we have released our annual update to the Microsoft Security ...

Securing Development with PMD
Back in April I presented my Securing Development with PMD (Teaching an Old Dog New Tricks) ...

Banks warned of sophisticated new online scam
Trusteer expects malware used to attack several German bank sites to be reconfigured for banks in ...