January 2009 - Issue 6

Editorial Corner

Brian Chess

Maturity model ... OWASP Security Spending Benchmarks Project ... Web 2.0 ... Automated testing ... Sneaky boss

Along with my friends Gary McGraw and Sammy Migues, I've been busy interviewing executives involved in some of the world's leading software security initiatives. We're in the process of building a maturity model out of the data we collected, but some of what we've learned is too good to wait, so we wrote up a Letterman-style Top 10 Surprises article. Check it out.

Does your company perform above or below average when it comes to investing in software security? Do you have enough people for the job? Through the OWASP Security Spending Benchmarks Project, led by Jeremiah Grossman and Boaz Gelbord, we intend to answer questions like these. Please take a few minutes to fill it out. Here is the password to access the survey: OWASP_SSB6.

Don't miss our feature article, Web 2.0's Thrills and Spills. You'll want to read about the new issues that Web 2.0 introduces into the threat landscape. 

If your organization is interested in using automated testing tools, take a look at readers' advice -- and learn about three key steps you can take toward automation. 

How do you handle a spineless boss who always blames you when something fails? Would you please provide advice to one of our readers?

Please let us know how successful we are at including articles relevant to you by taking a one-minute reader survey. You could win a complimentary copy of Secure Programming with Static Analysis.

If you would like to unsubscribe from this newsletter, please click on the link at the bottom of the page.

Feature Story

Web 2.0's Thrills and Spills

How to stay secure in a brave new environment

by Barbara Morris, Editor, Secure Software Advisory

Today's Web user -- whether a "digital native" born with a silver flash drive in one fist, or a "digital immigrant" with hard-won Web skills -- is probably handy with some aspect of Web 2.0. Since the term was coined in 2004, new uses of Internet technologies have continued to introduce unique forms of collaboration and communication.

Introducing Off by On:
the latest on Software Security Assurance

Fortify is the champion in Bloor's report.

Complete our one-minute reader survey, and you could win the book Secure Programming with Static Analysis.

The Case for Business Software Assurance

Open Source Security Study


Complimentary White Paper

A CISO's Guide to Application Security

Fortify

Security breaches are expensive. They cost time and effort in litigation, remediation and reputation restoration. But when it comes to security, businesses rarely do it right. Learn why application security is more critical than ever to your business, and the six steps to secure applications.

Download this complimentary white paper.

What's Your Best Advice?

This Issue's Dilemma

How to handle a sneaky boss?

While I like my job, my problem is not a co-worker; it’s my boss. She is cheerful and chummy, but when something fails, she blames someone on our development team. I’m usually the person she blames. She assigns me projects without the guidance or resources to be successful. When the security fails, it becomes "my fault." 

How do I deal with her? Should I talk to her or go to HR? -- Fred, Software Engineer

Can you help? Share your experience or your best advice. You could win a copy of Secure Programming with Static Analysis by Brian Chess & Jacob West, a $49.95 value.

Got a business problem or question for our readers to tackle? 


Previous Issue's Dilemma

How should we automate our security tests? 

Since security tests are expensive and time-consuming, my company is starting to consider the idea of automating these tests. What do you do to automate the testing process to get a minimum of security? Any information you have about this subject is much appreciated. Which tools do you use? And by the way, how many people are involved? Thanks in advance for your suggestions.

-- C. G. (name and company withheld on request)

Read what our readers have to say.

Communication and Leadership

Crunch Time for the IT Industry
How hard will IT get hit?
from Information Age

Salaries Up, Jobs Down
In a downturn, employers cut jobs rather than pay
by Peter Coy and Jena McGregor - Business Week

The Increasing Threat

The Guy Who Hacked DNS
And the team that defended the Internet
by Joshua Davis - Wired

How WPA Was Hacked
Chopchop attacks on WPA
from Heise Online

Getting Things Done

Heads in the Clouds?
Cloud computing security issues
by Deb Radcliff - SC Magazine

The 10 Commandments of Goal-Setting
The final word on action and consequence
by Gary Ryan Blair - The GoalsGuy Shop


"ConnectedIn Media consulted in the development of our e-newsletter and made the process easier than we ever expected."

-- Sherry Ramm, Director of Global Marketing

Fortify is concerned about your privacy. We do not rent, sell or exchange email addresses. Copyright 2009, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Pkwy, Suite 400, San Mateo, CA 94404.
