Software Security
I was reading my buddy Alex Smolen's post the other day on Java Applet Security and figured I would see his post and raise it with a post on ActiveX control security. Actually, as you can probably see I have been slacking on the posting front so figured
Having discussed the importance of security training and really its criticality – without security training most software security programs are doomed to failure – I wanted to spend a little bit of time talking about how to go about creating such a program.
A few months ago, the software security folks at Microsoft put up a pretty insightful post on security trainings. Over the last few years I have had the opportunity to do a number of security assessments and I must agree that time and again, this fact
I will be presenting at SD Best Practices 2007, which takes place at the Hynes Convention Center in Boston from September 18th to the 21st. I will be covering a topic close to my heart – being effective at code reviews for security. It should be fun
My Virtual TechEd conversation with Mike Howard just went up on the Virtual TechEd site. Come watch a couple of software security practitioners chat about the state of the industry and where we go from here. Some of the key things we talk about include
Unfortunately, like most other things, software security sounds great in theory, but the devil and the pains are in the details and getting it right on the ground. This morning I ran into a whitepaper by a security vendor selling one of the leading source
Just a quick note that over the weekend I got a bunch of stuff over onto the Wiki. So far this is mostly stuff I wrote for Software Magazine. Main article is on Security Code Reviews, which it turns out has been pretty popular – it's usually in the top