December 2010 - Issue 18

Editorial Corner

Extending SSA to the Partner Ecosystem ... Help with the code review process ... Raising security awareness

This month's feature article, Extending Software Security Assurance to the Partner Ecosystem, addresses how software security assurance can help ensure quality code and reduce costs in the "extended enterprises" that develop when organizations outsource to IT partners that build and deliver critical software applications.

In this month's best advice column -- Help with the code review process -- readers offer numerous suggestions on how to conduct a code review, how to prioritize risks, and advice on the pros and cons of a manual versus automated code review or a combination of the two.

In this month's dilemma -- How to raise security awareness -- one reader is looking for advice on how to raise awareness of the need for security within his development community. He also wants to know how to change developers' behaviors. Your suggestions are welcome!

Also, let us know how successful we are at including articles relevant to you, by taking a one-minute reader survey. We'll be giving away three T-shirts. You could win one for answering the survey, for answering this month's dilemma or for submitting a question that could be used as a dilemma.


Feature Story

Extending Software Security Assurance to the Partner Ecosystem

Smarter outsourcing and best practices

by Amir Hartman and Craig LeGrande, Co-Founders and Managing Directors, Mainstay Partners

Most organizations today depend on IT partners to build and deliver critical software applications. Find out how SSA can help these "extended enterprises" ensure quality code and reduce costs.

Nowadays, virtually every major company or government organization relies on outside software partners and vendors to obtain vital software products and services. And for good reason: Outsourcing extends the power and reach of the organization without adding fixed costs, and it allows you to tap a global resource base, including application development expertise, at competitive rates.

Managed Software Security Assurance Services 

HP’s Move on IBM

Does Application Security Pay?

Britain Urged to Shore Up Cyber Defenses


Off by On: The Latest on Software Security Assurance

Inevitable Surprises in Cyber Security: A Look at Software Security Assurance From the Federal Perspective

Complimentary White Paper

Measuring the Business Impact of Software Security Assurance Solutions

Learn how chief information security officers justify their software security assurance investments from a cost-benefit perspective. This ROI study from Mainstay Partners provides the evidence needed for information security executives to communicate the business value of software security solutions in a language that matters to senior leadership.


What's Your Best Advice?

This Issue's Dilemma:

How to raise security awareness

I know that security should be on our radar, but I need some concrete suggestions on how to raise awareness of the need for security within our development community. Also, how can we change developers' behaviors?

-- Mark L.

Can You Help?
Share your experience or your best advice and you could win a Fortify T-shirt!


Previous Issue's Dilemma:

Help with the code review process

I work in a large organization, and we are starting the code review process for the first time. How should we prioritize the vulnerabilities we find in the code in the primary analysis? Do readers have suggestions about manual vs. automated code review? What tactic should we take? Any advice from readers is welcome.

-- Manish P.


Communication and Leadership

Taking Security Seriously
Client requirements drive security investment
by Bob Bragdon - CSO


Three Tips for Measuring the Value of a Proposed Security Project
Determining the value of a project
by Mike Gentile - CISO Handbook

The Increasing Threat

Malware in Drive-by Downloads
Showing up on legitimate sites
by Tim Wilson - Dark Reading


Breaches Cost Health Care Industry $6 Billion Annually
1,769 records lost per incident
by Angela Moscaritolo - SC Magazine

Getting Things Done

Securing the Private Cloud
Gartner says security must evolve
by Fahmida Y. Rashid - eWeek


Tech Companies See Dearth of Mobile-Software Developers
Quality mobile-software designers and engineers scarce
by Douglas MacMillan - BusinessWeek



"ConnectedIn Media consulted in the development of our e-newsletter and
made the process easier than we ever expected."

-- David Baer, Director of Global Marketing

Fortify is concerned about your privacy. We do not rent, sell or exchange e-mail addresses. Copyright 2011, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Parkway, Suite 400, San Mateo, CA 94404.
