Maturity model … OWASP Security Spending Benchmarks Project ... Web 2.0 ... Automated testing ... Sneaky boss
Along with my friends Gary McGraw and Sammy Migues, I've been busy interviewing executives involved in some of the world's leading software security initiatives. We're in the process of building a maturity model out of the data we collected, but some of what we've learned is too good to wait, so we wrote up a Letterman-style Top 10 Surprises article. Check it out.
Does your company perform above or below average when it comes to investing in software security? Do you have enough people for the job? Through the OWASP Security Spending Benchmarks Project, led by Jeremiah Grossman and Boaz Gelbord, we intend to answer questions like these. Please take a few minutes to fill out the survey. Here is the password to access the survey: OWASP_SSB6.
Don't miss our feature article, Web 2.0's Thrills and Spills. You'll want to read about the new issues that Web 2.0 introduces into the threat landscape.
If your organization is interested in using automated testing tools, take a look at readers' advice -- and learn about three key steps you can take toward automation.
How do you handle a spineless boss who always blames you when something fails? Would you please provide advice to one of our readers?
Please let us know how successful we are at including articles relevant to you by taking a one-minute reader survey. You could win a complimentary copy of Secure Programming with Static Analysis.