March 2011 - Issue 19

Editorial Corner

Brian Chess on static code analysis ... Security rollout realities ... Catching top programming errors

This month, Secure Software Advisory is reprinting an interview published on InfoQ with Brian Chess, founder and chief scientist of HP Fortify and distinguished technologist at HP. Chess discusses why building security into software development from the beginning is critical, and why static code analysis is needed to uncover potential security vulnerabilities and address them earlier in the development process.

A reader needs to come up with a management plan for a security implementation and an oversight process for once the security measures are in place. Can you help? He is looking for real-life examples of rollouts and of how readers have improved security procedures within their organizations. Need to fix more programming errors? In this month's best advice column, read numerous suggestions from readers on how to catch bugs and implement best practices.

Let us know how successful we are at including articles relevant to you by taking a one-minute reader survey. You could win a T-shirt for answering the survey or this month's dilemma, or for submitting a business challenge you face.

If you would like to unsubscribe from this newsletter, please click on the link at the bottom of the page.

Feature Story

Interview with Brian Chess on Static Code Analysis

The "Distinguished Technologist" addresses software security

by Srini Penchikala (Reprinted from

Secure Software Advisory would like to thank the producers of InfoQ, the "independent, online community focused on change and innovation in enterprise software development," for permission to reprint this interview, published on February 21, 2011. We encourage readers of Secure Software Advisory to check out the InfoQ site for information tailored to the needs of technical software leaders.

Denial of Service threats exposed in Java and PHP

Kelly Collins of Fortify Software: Possible Creation of Cyber Weapon ‘Significant Concern’

RSA: HP Proposes Holistic Security

RSA 2011: Mike Armistead, VP Strategy and Planning, HP Solutions and Co-Founder, Fortify

Complete our one-minute reader survey and you could win a Fortify T-shirt

Cloud Security Alliance


Off by On: The Latest on Software Security Assurance

Inevitable Surprises in Cyber Security: A Look at Software Security Assurance From the Federal Perspective

Security & Privacy

SC Magazine

December 2010, Issue 18
October 2010, Issue 17
Complimentary White Paper

Gartner Magic Quadrant for Static Application Security Testing

Static Application Security Testing (SAST) is an essential part of the application security equation. SAST is critical because it locates vulnerabilities in code and provides the information necessary to fix them. If you're thinking about how to address software security in your organization, you won't want to miss this opportunity to get a complimentary copy of Gartner's 2010 Magic Quadrant for Static Application Security Testing, released in December. This report will give you an understanding of the SAST market; the vendors serving this market, with their strengths and cautions; the Magic Quadrant itself; and where the key players are placed relative to their "Ability to Execute" and their "Completeness of Vision."

What's Your Best Advice?

This Issue's Dilemma:

Any stories of security rollouts or security procedure enhancements?

My team needs to come up with a plan for management regarding a security implementation, and a way to best oversee the process once the security measures are in place. Does anyone have a real-life story of a security rollout, or an example of how you improved security procedures within your organization?

I'd like to hear your first-hand accounts as well as any advice you have on how to improve security procedures. -- J.S.

Can You Help?
Share your experience or your best advice and you could win a Fortify T-shirt!

Previous Issue's Dilemma:

How to raise security awareness?

I know that security should be on our radar, but I need some concrete suggestions on how to raise awareness of the need for security within our development community. Also, how can we change developers' behaviors?

-- Mark L.

Read what our readers have to say.

Communication and Leadership

CNCI Declassified for Public Consumption
U.S. Cyber Security Czar comes out of the shadows to reveal defense plans
by Kit Eaton - Fast Company

From RSA 2010
Infosec pros get raises despite recession
by Bill Brenner - CSO

The Increasing Threat

SQL Injections and Malware Top Hacks
Creating the majority of data breaches
by Dancho Danchev -

Advanced Persistent Threats Cloud Corporate Landscape
Google and others hacked
by Kim Zetter - Wired

Getting Things Done

Forrester on Security Outsourcing in 2010
Co-sourcing is the new outsourcing
by Tim Wilson - Dark Reading

New Communication Platforms, New Attack Vectors
Exploring the boundaries of IT security
by Alexandru Catalin Cosoi - Help Net Security


"ConnectedIn Media consulted in the development of our e-newsletter and
made the process easier than we ever expected."

-- David Baer, Director of Global Marketing

Fortify is concerned about your privacy. We do not rent, sell or exchange e-mail addresses. Copyright 2011, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Parkway, Suite 400, San Mateo, CA 94404.
