November 2010 - Issue 13

Federal Government - Fortify

Getting over the 'adoption hump' ... Securing the cloud ... Security issues with mobile devices

This month's feature article, Getting Over the 'Adoption Hump,' addresses the inevitable mountain of unknown vulnerabilities that a company faces when implementing SSA. It also shows how, in the long term, this mountain becomes a molehill as an organization begins proactively institutionalizing SSA tools and practices across development teams.

This issue's best advice from readers goes out to J.B., who is concerned that his architecture group is underestimating the security problems they'll create when moving some services to the cloud. Readers have sent him suggestions about how to address those security issues.

One reader's agency is trying to cut costs but improve their software capabilities. He wants to know how he can make a case that open source isn't riskier than commercial software and save some money. Do you have any suggestions?

Also, let us know how successful we are at including articles relevant to you, by taking a one-minute reader survey. We'll be giving away three T-shirts. You could win one for answering the survey, for answering this month's dilemma or for submitting a question that could be used as a dilemma.

Getting Over the 'Adoption Hump'

How companies go the distance with software security solutions

by Amir Hartman and Craig LeGrande, Co-Founders and Managing Directors, Mainstay Partners

After running software security solutions for the first time, companies commonly uncover hundreds to thousands of new vulnerabilities. Dealing with this initial explosion of security flaws can sometimes be daunting. Here's how many companies "get over the hump."



Measuring the Business Impact of Software Security Assurance Solutions

Britain urged to shore up cyber defenses

Communicate the business value of application security solutions in a language that matters to the board

The real ROI of software security activities

Complete our one-minute reader survey and you could have a chance to win a Fortify T-shirt.

NIST-Performance Measurement Guide for Information Security

NIST-Computer Security Resource Center

ASIS International-ASIS

Open Web Application Security Project-OWASP

Computer Security Institute-CSI

Off by On: The Latest on Software Security Assurance

Inevitable Surprises ... in Cyber Security

Government Security News

Government Computer News

Federal Computer Week

Washington Technology

Managed Software Security Assurance Services

Concerned by inadequate cyber security in the face of worsening cyberattacks and data breaches, the federal government has taken landmark steps to mandate risk management practices, including "baking-in" security through software security assurance. Learn about the opportunity that exists for systems integrators to create and offer managed software security assurance services (M-SSA) to complement their existing IT services offerings. M-SSA gives SIs the rare opportunity to blaze the trail to a more secure future for their federal and commercial clients and the country as a whole, by addressing the long-standing issue of software security assurance.

Previous Issue's Dilemma:

Having cloud security issues?

Our architecture group is talking about moving some services into the cloud. I think they might be underestimating the security problems they're going to create, but I need help coming up with specifics and examples. Do readers have any suggestions? -- J.B.


This Issue's Dilemma:

Making a case for secure open source

We're trying to cut costs but improve our software capabilities, but there is some pushback on open source. How could I make a case that open source software is not inherently riskier than commercial software and save my agency some money? Your advice is appreciated. -- J.D.

Can You Help?

Share your experience or your best advice and you could win a Fortify T-shirt!

DHS, DoD Join Forces in Cybersecurity Push
Formal partnership streamlines federal response
by Kenneth Corbin - eSecurityPlanet.com

CISO Has Plans to Transform Government
Proposal to safeguard digital assets
by Eric Chabrow - GovInfoSecurity.com

Air Force Manual Describes Shadowy Cyberwar World
Fast-changing world where anonymous enemies can carry out devastating attacks
by Dan Elliott - Associated Press

The Cyber Threat Grows More Urgent
Agencies need to work on standards, collaboration and public awareness
by Kevin McCaney - Washington Technology

Shortage of Cybersecurity Pros Plagues Agencies
Training and recruiting fall short
by William Jackson - Defense Systems

Bill Stalls That Would Define Presidential Cyber Defense Role
Kill switch not authorized
by William Matthews - federaltimes.com


Fortify is concerned about your privacy. We do not rent, sell or exchange e-mail addresses. Copyright 2010, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Parkway, Suite 400, San Mateo, CA 94404.
