October 2010 - Issue 17

Editorial Corner

Getting over the 'Adoption Hump'... Evaluating security frameworks and tools ... Help with the code review process

This month's feature article, Getting over the 'Adoption Hump', addresses the inevitable mountain of previously unknown vulnerabilities that a company faces when it first implements software security assurance (SSA). It also shows how, in the long term, this mountain becomes a molehill as organizations proactively institutionalize SSA tools and practices across their development teams.

In this month's best advice column -- How to get advice about security frameworks and tools -- readers offer suggestions on where to look for resources and how to evaluate tools.

In this month's dilemma -- Help with the code review process -- one reader is looking for advice on how to start the code review process and whether or not to use automated tools. Your suggestions are welcome!

Also, let us know how successful we are at including articles relevant to you by taking a one-minute reader survey. We'll be giving away three t-shirts. You could win one for answering the survey, for answering this month's dilemma or for submitting a question that could be used as a dilemma.


Feature Story

Getting over the 'Adoption Hump'

Dealing with the security flaws uncovered by a first software security scan

Amir Hartman and Craig LeGrande, Co-Founders and Managing Directors, Mainstay Partners

After running software security solutions for the first time, companies commonly uncover hundreds to thousands of previously unknown vulnerabilities. Dealing with this initial explosion of security flaws can be daunting. Here's how many companies "get over the hump."

In our recent study of the economics of software security assurance (SSA) solutions, Mainstay Partners developed a framework for understanding how companies learn to realize the full potential of SSA. Based on interviews with 20 security executives, the study revealed distinct phases that companies pass through on the way to establishing mature, high-value application security programs.

Securing Your Applications: Three Ways to Play 

The real ROI of software security activities

Risk management: The answer to security, or the problem?

UPDATE 1-HP to buy security software firm Fortify

Complete our one-minute reader survey and you could win a Fortify t-shirt.


OWASP

CERT

Cloud Security Alliance


Off by On: The latest on Software Security Assurance

Inevitable Surprises in Cyber Security: A look at Software Security Assurance from the Federal Perspective

CSO

Security & Privacy

darkREADING

SC Magazine

Complimentary White Paper

Measuring the Business Impact of Software Security Assurance Solutions

Learn how Chief Information Security Officers justify their software security assurance investments from a cost-benefit perspective. This ROI study from Mainstay Partners provides the evidence needed for information security executives to communicate the business value of software security solutions in a language that matters to senior leadership.


What's Your Best Advice?

This Issue's Dilemma:

Help with the code review process

I work in a large organization, and we are starting the code review process for the first time. How should we prioritize the vulnerabilities we find in the code in the primary analysis? Do readers have suggestions about manual vs. automated code review? What tactic should we take? Any advice from readers is welcome.

-- Manish P.

Can You Help?
Share your experience or your best advice and you could win a Fortify t-shirt!


Previous Issue's Dilemma:

Where do you get advice about security frameworks and tools?

We need advice about the quality of security frameworks and tools. Where is the best place to go? I understand that an on-site evaluation should be the second step, but it's hard to find overviews and comparisons to get a first impression. Any suggestions are welcome. -- V. Singh


Communication and Leadership

Gartner Reports Security Software Market to Grow 11 Percent
Fastest-growing enterprise software segment
by Kelly Jackson Higgins - Dark Reading

CIOs Say They're Hiring Again
Tech employment outlook starting to improve
by Patrick Thibodeau - Network World

The Increasing Threat

Seven Myths About Zero Day Vulnerabilities Debunked
What you need to know about the cybercrime ecosystem
by Dancho Danchev - zdnet.com

Web 2.0 Still a Security Concern
Sixty percent of organizations suffered $2 million losses
from Help Net Security

Getting Things Done

Business Partners a Growing Security Concern
Managing risk with third parties
by Bill Brenner - CSO

Five Problems with SaaS Security
Security risks a concern with more cloud networking
by Jon Brodkin - CIO



Fortify is concerned about your privacy. We do not rent, sell or exchange email addresses. Copyright 2010, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Pkwy, Suite 400, San Mateo, CA 94404.
