August 2009 - Issue 7


Federal Government - Fortify

General Colin Powell keynote ... Fortify on Demand ... The U.S. cyber security initiative ... Developing secure components

Bruce Jenkins, Managing Consultant

In May, General Colin Powell (Retired) delivered the keynote address, "Leadership in Times of Great Change," at the Fortify Executive Summit in Washington, D.C. The former secretary of state's opinions on Rush Limbaugh and the state of the Republican Party during the event's Q&A portion generated quite a bit of press coverage.

In addition, we are pleased to announce the launch of Fortify on Demand, a set of hosted Security-as-a-Service (SaaS) solutions that allows organizations to test and score software vulnerabilities and delivers comprehensive reports with a clear-cut rating system.

Don't miss this month's feature article about the U.S. cyber security initiative and how it will impact government and industry alike. Gregory Garcia, the nation's first presidentially appointed assistant secretary for cyber security and communications for the U.S. Department of Homeland Security from 2006 to 2008, discusses the importance of public/private collaboration to develop more secure cyber defenses.

If you've ever wondered whether your organization should spend more time on training developers to think like hackers or on writing secure code, read this issue's Best Advice column to see what your peers think. In this issue, one of our readers needs advice on ways to create secure components for internally developed software. Do you have any suggestions? Please share your thoughts with us on best practices.

Finally, let us know how successful we are at including articles relevant to you by taking a one-minute reader survey.

If you would like to unsubscribe from this newsletter, please click on the link at the bottom of the page.


The U.S. Cyber Security Initiative

Gregory Garcia talks about public and private sector collaboration

by Barbara Morris, Editor, Federal Secure Software Advisory

President Obama's recent announcement of a government cyber security initiative, including the appointment of a cyber security czar reporting directly to the president, comes in the wake of increasing threats to U.S. assets. As part of the initiative, the president has promised that the U.S. government will work with the private sector to continue implementing the comprehensive cyber security policy begun in January 2008; however, full implementation is at least five years on the horizon, depending on budget appropriations and how the policy is carried out.


The Federal Information Security Management Act (FISMA) provides a framework for ensuring the protection of government information, operations and assets. Agencies tasked with mandatory compliance with FISMA confront myriad challenges. Fortunately, the federal government has developed standards and guidelines for selecting, categorizing and assessing information systems. However, as some agencies have learned, successfully meeting the requirements of FISMA requires not only technical changes but also fundamental cross-organizational and cultural shifts that often prove less easy to effect.

This in-depth Guide to FISMA for senior IS executives details best-practice approaches to demonstrating compliance and avoiding costly audits. Learn the steps that will help your organization ensure that people, processes and technology are all employed to best meet FISMA mandates.

Previous Issue's Dilemma:

Developer training: Should we spend more time on security or coding?

In my company, there are conflicting opinions on how much time we should spend training developers in hacking techniques versus writing solid code. What do you think? Should we spend 50 percent of the time on each? Or 20/80? I'd be interested in hearing about what others cover in developer training.

-- T. Spalding


This Issue's Dilemma:

Any advice on providing secure components for software developers?

For more than two years, my group has been responsible for performing security assessments for all of our internally developed software. We see the same mistakes over and over, so now we're thinking about providing some secure components that our developers can use. It should be a win-win situation -- they don't have to reinvent the wheel, and we don't have to re-audit the wheel. What should we create first: an authentication layer, input validation or crypto key management? Should we start from scratch, or build on open-source or commercial products?

-- C.J.

Can You Help? Share your experience or your best advice.

FEMA Takes Open Approach to Social Media

Controlling and interpreting information

by Alyssa Rosenberg - Government Executive

Creating the Right Tone in an Organization

Talk the talk and walk the walk

by Tom Olzak - CSO Online

New Jobs in Cyberwarfare

Hacker soldiers in the Pentagon

by Christopher Drew and John Markoff - The New York Times

Securing the Electrical Grid

Security specialists work to secure the smart grid

by Jill R. Aitoro

Black Hat Founder Tapped to Advise Homeland Security

Hacker works for the Homeland

by Thomas Claburn - Information Week

How Heartland Responded to the Data Breach

What other organizations can learn

by Rachael King - Business Week


Fortify is concerned about your privacy. We do not rent, sell or exchange email addresses. Copyright 2009, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Pkwy, Suite 400, San Mateo, CA 94404.
