Cargando…

Software Security and the "Building Security in Maturity" Model

<!--HTML--><p align="justify"> Using the framework described in my book &quot;<a href="http://www.swsec.com" target="_blank">Software Security: Building Security In</a>&quot; I will discuss and describe the state of the practice in softw...

Descripción completa

Detalles Bibliográficos
Autor principal: McGraw, Gary
Lenguaje:eng
Publicado: 2011
Materias:
Acceso en línea:http://cds.cern.ch/record/1337251
Descripción
Sumario:<!--HTML--><p align="justify"> Using the framework described in my book &quot;<a href="http://www.swsec.com" target="_blank">Software Security: Building Security In</a>&quot; I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust &amp; Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo.</p> <p align="justify"> The <a href="http://www.bsimm.com" target="_blank">BSIMM</a> was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can help you determine how your organization compares to other real-world software security initiatives and what steps can be taken to make your approach more effective.</p> <h4> About the speaker</h4> <p align="justify"> <a href="http://www.cigital.com/~gem" target="_blank">Gary McGraw</a> is the CTO of <a href="http://www.cigital.com" target="_blank">Cigital, Inc.</a>, a&nbsp;software security consulting firm with headquarters in the Washington, D.C. area and offices throughout the world. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press.</p> <p align="justify"> Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software (acquired by HP), Invincea, Dasient, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean&sup1;s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security &amp; Privacy magazine (syndicated by informIT).</p> <pre> podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com personal www.cigital.com/~gem </pre>