July 2011 - Issue 21

Editorial Corner

Changing the software security assurance game ... Protecting legacy systems ... Managing the outsource of risk

This month's feature is a conversation between Brian Chess, founder and chief scientist of HP Fortify, and software security architect and blogger Gunnar Peterson of 1 Raindrop. In their lively discussion, they talk about software security automation, deployment and practical ways to improve the efficacy of software security programs.

Has securing legacy systems become a concern in your organization? In this month's best advice column, readers give suggestions on how to identify high-risk systems, assess the problems and take action.

One of our readers wonders how to manage outsourcing risk. He's looking for ideas on how to set up a formal analysis and measurement process. Please send in any suggestions you may have.

Let us know how successful we are at including articles relevant to you by taking a one-minute reader survey. You could win a T-shirt for answering the survey or this month's dilemma, or for submitting a question about a challenge you face.


Feature Story
 

Security, Static Analysis and Building a Great Team

A conversation between Brian Chess and Gunnar Peterson

This conversation appeared recently on Gunnar Peterson's blog, 1 Raindrop, and on HP Fortify's blog, Off by On. Gunnar Peterson is a software security architect and CTO at Arctec, and Brian Chess is founder and chief scientist at HP Fortify.

Gunnar Peterson: There are some recent studies of average chess players with a good process and computers being able to beat chess masters far above their ability; computers' analytical ability extends the player's competence. In most software security groups, one of the biggest challenges is to scale. The software security team is typically a single digit percentage of the size of the development staff. How does automation on static analysis help these teams? What ways can software security teams scale out to maximize their impact on the development organization?

BrightTalk Web Seminar Series on Application Security

New scoring systems for software security: CWSS and CWRAF

New security frameworks help users demand assurance

Software Security in Practice


OWASP

CERT

Cloud Security Alliance


Off by On: The Latest on Software Security Assurance

Inevitable Surprises in Cybersecurity: A Look at Software Security Assurance From the Federal Perspective

CSO

Security & Privacy

Dark Reading

SC Magazine



Complimentary White Paper

Software Vulnerabilities a "Welcome" Sign to Hackers

 

You've been reading more and more about cyber threats and the creative ways hackers are finding their way in ... with most of an organization's security spend allocated to perimeter defense, hackers have resorted to attacking at the application layer. (The network is secure, so how else can they break into an enterprise to steal sensitive data?!) Vulnerabilities in software code are like "welcome!" signs to cyber criminals, but fixing those vulnerabilities generally requires a long-term investment in the people, process and technology necessary to secure both internally developed and externally acquired applications.

This month's complimentary white paper, titled "Software Security in the Cloud," offers up valuable information on HP Fortify on Demand, a security-as-a-service solution that allows any organization to test the security of software quickly, accurately, affordably and without any software to install or manage.

What's Your Best Advice?

This Issue's Dilemma:

 

How to manage outsourcing risk?

I'd like to ask readers how they manage outsourcing risk. We lack a formal analysis and measurement process, and I believe that we are exposed to a high level of risk. Any and all suggestions welcome! -- James K.

Can You Help?
Share your experience or your best advice, and you could win a Fortify T-shirt!


Previous Issue's Dilemma:

 
How can we secure our legacy systems?

Our organization still has some legacy systems, mostly client/server systems developed during the first generations of web-based applications. Do readers have any suggestions on how best to secure these systems?

-- K. Adani

Read what our readers have to say.

Communication and Leadership

We Need a Better Breach Disclosure Playbook
Every data breach feels like an ad hoc disclosure exercise
by Chris Murphy - Information Week

Eight Ways to Get Buy-in from Company Executives
Tips to help get your IT proposals accepted
by David Hakala - IT Management

The Increasing Threat

High-Profile Hacks Prompt High-Powered Hires
From rock star CSOs to hotshot specialists
by Kelly Jackson Higgins - Dark Reading

CFOs Lack Faith in CIOs and IT Teams
Survey shows CFOs' doubts
by Ellen Messmer - CIO

Getting Things Done

Mobile Devices Create Panoply of Corporate Risks
Control of devices complex
by Byron Acohido - Last Watch Dog

Nine out of 10 Businesses Breached in the Last Year
Many experienced multiple successful attacks
by Angela Moscaritolo - SC Magazine



Fortify is concerned about your privacy. We do not rent, sell or exchange email addresses. Copyright 2011, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Parkway, Suite 400, San Mateo, CA 94404.
