February 2010 - Issue 10


Federal Government - Fortify

Realizing the Advantages of the Digital Age ... Top training tips ... Standards and compliance

Bruce Jenkins,
Managing Consultant

This month, we're bringing you a feature interview with Brian Chess, chief scientist and co-founder of Fortify Software. Chess talks about his background, breaches, Howard Schmidt and Fortify's accomplishments in 2009.

In this month's best advice column -- Top Training Tips -- readers offer suggestions on how to reboot a training curriculum, given the increased threats to application security.

One reader manages a team of developers and needs advice on complying with security standards. Are you familiar with FISMA standards? Please share your thoughts with us on how this manager can best keep his team in compliance.

Also, let us know how successful we are at including articles relevant to you by taking a one-minute reader survey. We'll be giving away three T-shirts. You could win one for answering the survey, for answering this month's dilemma or for submitting a question that could be used as a dilemma.



Interview with Brian Chess:

Realizing the Advantages of the Digital Age 

Just after the New Year, the editors of Federal Software Security Advisory sat down with Brian Chess, Chief Scientist and Co-founder of Fortify Software, to get his insight on the past, present and future of software security.

Brian, let's start at the beginning. Tell us how you got involved in software security?

"Back in 1995, I was finishing my Master's at the University of California at Santa Cruz and working on circuit design problems at Hewlett Packard when a handful of random events converged and led me to the world of static analysis and software security. First, I came across the book Applied Cryptography by Bruce Schneier and thought it was really cool. I wasn't ready to turn around at that point in my education and pick up all the math that was necessary to become a cryptographer, but I clearly saw a relationship between circuit design problems and cryptography problems.



Seven Practical Steps to Delivering More Secure Software

The processes that go into making your company's software more secure are relatively easy if you know where to start.

SSA eLearning: Click here to view a demo of the Application Security Fundamentals course.

National Cybersecurity Coordinator Choice Widely Applauded

Securing the Cyber Supply Chain

Aides Defend Presidential Powers in Cybersecurity Bill

Complete our one-minute reader survey and you could have a chance to win a Fortify T-shirt.


NIST - Performance Measurement Guide for Information Security

NIST - Computer Security Resource Center

ASIS International-ASIS

Open Web Application Security Project-OWASP

Computer Security Institute-CSI

SSAWhat? A look at Software Security Assurance from the Federal Perspective

Off by On: The latest on Software Security Assurance

Government Security News

Government Computer News

Federal Computer Week

Washington Technology


Register for this Live Webinar
Ready, Aim, Fortify!

How the U.S. Army reduced application security risk.

Presenter: Bob Torche, project manager at Total Ammunition Management Information System (TAMIS)

Hear how the TAMIS project team prevents cyberattacks on their production application by accurately measuring security risk levels and proactively fixing vulnerabilities. Using Fortify 360, TAMIS personnel receive essential, automated analytical tools that continually monitor the system's performance, while TAMIS programmers receive training on secure development practices.

Register now for this Webcast to discover the benefits of a Software Security Assurance (SSA) program.


Previous Issue's Dilemma:

What are your top training tips?

Given that threats to application security are getting more severe, we've decided to reboot our training curriculum. What are the top three points you try to get across when you teach developers about security? -- B.D.



This Issue's Dilemma:

Help! Any advice on complying with the FISMA security standards?

I manage a team of developers, and management says I need to include security as part of my code reviews. We must comply with the Federal Information Security Management Act (FISMA), but those guidelines are pretty broad. I would appreciate advice on the different standards under this act. Any tips on how to make sure we comply with them?

-- J. D., Developer Team Manager

Can You Help?

Share your experience or your best advice and you could win a Fortify T-shirt!

Howard Schmidt Appointed First Cybersecurity Coordinator
Experience in both the public and private sectors
by Russell Nichols - Government Technology

Cybersecurity Starts with Mission Assurance
Integrating a holistic plan
by Keith Rhodes - Washington Technology

The Call to Cyberwarfare
Air Force asks for industry's help in network attack capabilities
by Bob Brewin - nextgov.com

Threat Level
Report details hacks targeting Google, others
by Kim Zetter - Wired

Five Government Cybersecurity Challenges in 2010
Part 1: Cybersecurity Coordinator: Now what?
by Eric Chabrow, Managing Editor, GovInfoSecurity.com

Google Turns to the NSA for Help
Should you worry?
by Steve Ragan - The Tech Herald


Fortify is concerned about your privacy. We do not rent, sell or exchange email addresses. Copyright 2010, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Pkwy, Suite 400, San Mateo, CA 94404.
