February 2009 - Issue 4


Federal Government - Fortify

Fed security in Web 2.0 ... Leadership vacuum ... The numbers game 

Bruce Jenkins, Managing Consultant

Don't miss this month's feature article, Web 2.0's Thrills and Spills. Deborah Snyder offers guidelines for dealing with the brave new threat landscape that has arisen with Web 2.0. 

Ever have trouble with enterprise-wide security policy management? Our readers give their thoughts and opinions on how to address this, along with communications issues, in How to Handle a Security Leadership Vacuum.

When executives like numbers, what do you measure and how do you monitor and present data to them? One of our readers needs help. Please share your thoughts on handling the boss and the metrics.

Please let us know how successful we are at including articles relevant to you by taking a one-minute reader survey. You could win a complimentary copy of Secure Programming with Static Analysis. Congratulations to Vickie Galante, Security Officer at the Department of Defense for being this quarter's winner!

If you would like to unsubscribe from this newsletter, please click on the link at the bottom of the page.


Web 2.0's Thrills and Spills

How to stay secure in a brave new environment

by Barbara Morris, Editor, Federal Secure Software Advisory

Today's Web user -- whether a "digital native" born with a silver flash drive in one fist, or a "digital immigrant" having hard-won Web skills -- is probably handy with some aspect of Web 2.0. Since that term was coined in 2004, new uses of Internet technologies continue to introduce unique forms of collaboration and communication.

Nowadays, it seems that everybody is texting, uploading photos to Flickr, wiki-ing, blogging or just watching videos on YouTube. We live in a world of peer-to-peer communications, where workforce collaboration, online classrooms and video conferencing are becoming the norm. And here's the rub: All of these Web 2.0 uses by a multitasking, wired workforce make it harder to track the potential risks to organizations. Read more

How Obama can fix Cybersecurity

Fortify Ends 2008 with Largest Quarter in Company History


Secure Programming with Static Analysis

Complete our one-minute reader survey, and you could win the book, Secure Programming with Static Analysis.

OTDA Harnesses Fortify SCA

The Silent Battlefield


NIST -- Performance Measurement Guide for Information Security

ASIS International-ASIS

Open Web Application Security Project-OWASP

Computer Security Institute-CSI

Government Security News

Government Computer News

Federal Computer Week

Washington Technology

CISO’s Guide to Web 2.0 Security


Web 2.0 has brought new life to the online world.

Web 2.0 has made the Web a livelier and friendlier place, with social Web sites, wikis, blogs, mashups and interactive services that are fun as well as useful. Two Web 2.0 concepts change the game for CISOs, and they need to understand both. The first is the introduction of rich client interfaces (AJAX, Adobe Flex); the second is a shift to community-controlled content instead of the publisher-consumer model. Both have serious security issues.

Read this fundamental checklist to accelerate your software security efforts.

Last Issue's Dilemma:

Security leadership vacuum

Our company has a limited software security team embedded in the developers' group, a desktop security group within the network team and physical security within building security. However, we have no overall security policy to tie all our security experts together.

Is it important that they work together in the same department, or should we just establish good lines of communications between them so they don't just point fingers at each other when a security breach happens?

-- Michael G., Security Analyst

Read what others had to say.

This Issue's Dilemma:

Reporting stats to please the boss

Our executives like numbers. And heaven forbid we disappoint them ... so here's our plan: We want to collect software security data and put it into a report. That way, the executives will know what happens in our shop on a regular basis. For those of you who are already doing this, what do you measure, and how is it monitored and presented to executives? I'd appreciate any help your readers can give me. -- Sam, Software Developer


Can You Help? Share your experience or your best advice. You could win a copy of Secure Programming with Static Analysis, by Brian Chess and Jacob West, a $49.95 value.

Got a business problem or question for our readers to tackle?

Government Satellite Disaster Communications
A new network that bypasses terrestrial infrastructure
by William Jackson - Government Computer News

How to Revamp Outsourcing Strategies
Withstanding crises
by Dean Davison - CIO

A Government CIO's Vision of Cybersecurity
Suggestions to tighten up your ship
by Dan Mintz - Government Computer News

SANS Top 25 Most Dangerous Software Programming Errors
How to write more secure software and provide buyers a baseline
by Kelly Jackson Higgins - darkreading.com

Choosing America's First Government CTO
How to choose?
by Steve Hamm - Business Week

New York State Plans Application Security Program
Doing business with the Empire State
by Richard Adhikari - InternetNews.com



Fortify is concerned about your privacy. We do not rent, sell or exchange email addresses. Copyright 2009, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Pkwy, Suite 400, San Mateo, CA 94404.
