Channel: Cigital » Software Security
Browsing all 98 articles

VIDEO: Gary McGraw on evolution of BSIMM maturity framework

In a recent interview from the RSA Conference, Cigital CTO Gary McGraw, author of Software Security, discusses the ongoing evolution of BSIMM and why some organizations continue to ignore software...




Flaw Leaves EA Origin Platform Users Open to Attack

Five years ago, Cigital CTO Gary McGraw co-authored Exploiting Online Games in which he describes various ways an attacker could take advantage of weaknesses in gaming platform protection systems. As...


How to avoid being a cash cow for cybercriminals

Cyber criminals do not care who you are or what your company stands for. If you have vulnerabilities in your software, they have a real financial incentive to find them and build exploits for them....


Chrome extension briefly allows DRM-free downloads from Spotify: Encryption...

Security defects come in two flavors, bugs in the code and flaws in the design. The latest Spotify issue is a flaw, therefore anyone who blithely says ‘they should have used encryption’ hasn’t thought...




How to avoid being a cash cow for cybercriminals

In this contributed piece for the Computer Weekly Developer Network, principal consultant Paco Hope explains his security-centric approach to software application development. Article excerpt For many...


Chrome extension briefly allows DRM-free downloads from Spotify: Encryption...

Spotify allows users to listen to songs without charge, but subjects listeners to occasional adverts in order to pay royalties and service costs. Users can take advantage of a premium service...


BSIMM-V: Free Software Security Insights from 67 Companies

Application Development Trends magazine editor-at-large John K. Waters talks about BSIMM-V with Cigital CTO Gary McGraw. “The BSIMM is based on the study of real practices as they exist,” explained...



Software [in]security and scaling architecture risk analysis

Software security defects are split 50/50 between bugs and flaws, and Architecture Risk Analysis is a critical touchpoint for addressing flaws. While architecture risk analysis (ARA) is a process that...



Top 5 most common security development errors

Over the past year, a lot of attention has been focused on the security failures of software and devices. When these vulnerabilities are presented by clever and talented security experts, it is easy to...



FS-ISAC Recommended Controls for Addressing Third-Party Software Security

All businesses depend on software; some software is developed internally while the rest comes from third-party software service providers and commercial off-the-shelf software (COTS) vendors. While...


Cigital Speakers Coming to a Town Near You

Next week looks to be a busy one for Cigital speakers with three members of the Cigital team delivering talks around the United States. Joel Scambray, Managing Principal OWASP Austin January Chapter...


Insight into Scaling Automated Code Review

Nearly every organization tackling software security today is working on automating code review. However, the challenge most firms are running into now is how to scale this process with...




JMU Distinguished Lecture: Cyber War, Cyber Peace, Stones, and Glass Houses

Software is in such a vulnerable state today. Most systems and networks were poorly designed and built from the start, which makes them even more difficult to defend against cyberwar, cyberespionage,...


Join our @theWhiteboard Session on Secure Password Storage February 12 from...

Cigital @theWhiteboard is an exciting new eLearning offering from Cigital that combines live instructor-led content and electronic delivery. This month’s free session, led by Cigital iCTO John Steven,...



VIDEO: Time for Enterprise IT to declare defeat in the Security war?

Is it time for security professionals to admit defeat? The old paradigm of computer security, protecting broken software from attackers with firewalls, isn’t working. Building security in is the way to...


Webinar: Ruby On Rails Security

Wednesday, March 12, 2014 1:00 PM EDT – 2:00 PM EDT Since its inception in 2004, Ruby on Rails has made quite a stir. It powers companies like Twitter, Github, Groupon, Braintree, Slideshare,...



The scary truth about data security with wearables

Data brokers collect data from numerous sources on everyone in the US. It is alarming how much data is collected and how great the potential for security breaches is, particularly from wearable devices. Recently...


McGraw: Financial services develop a proactive posture

Proactive Security has become the new way of protecting your software. Gary McGraw discusses the key to making this type of security successful, how it can affect your budget and the positive impact it...


Security Researchers Expose Bugs and Their Vendors

In a day and age when applications are constantly surveyed and found to have bugs, the communication behind reporting them has stirred much controversy, especially in the eyes of security researchers....
