January 2010 - Issue 12

Editorial Corner

The inside scoop ... Security in the cloud ... Making the case for better software security

This month, we're bringing you a feature interview with Brian Chess, chief scientist and co-founder of Fortify Software. Chess talks about his background, breaches, Howard Schmidt and Fortify's accomplishments in 2009.

In the best advice column, readers offer steps to take to ensure your data is secure. We'd also like your suggestions for this month's dilemma: One of our readers needs advice on how to make the case to executives for better software security. How do you convince decision-makers of its importance so they set aside budget? Please share your thoughts with us.

Also, let us know how successful we are at including articles relevant to you by taking a one-minute reader survey. You could win a T-shirt for answering the survey or this month's dilemma, or for submitting a question that we use in the advice column.


Feature Story

Interview with Brian Chess:

Realizing the Advantages of the Digital Age

Just after the New Year, the editors of Secure Software Advisory sat down with Brian Chess, Chief Scientist and Co-founder of Fortify Software, to get his insight on the past, present and future of software security.

Brian, let's start at the beginning. Tell us how you got involved in software security.

"Back in 1995, I was finishing my Masters at the University of California at Santa Cruz and working on circuit design problems at Hewlett Packard when a handful of random events converged and led me to the world of static analysis and software security. First, I came across the book Applied Cryptography by Bruce Schneier and thought it was really cool. I wasn't ready to turn around at that point in my education and pick up all the math that was necessary to become a cryptographer, but I clearly saw a relationship between circuit design problems and cryptography problems.


Watch Jeremiah Grossman and Jacob West discuss the benefits of correlating static and dynamic security testing into a single SaaS solution.


SSA eLearning

Click here to view a demo of the Application Security Fundamentals course.

No More Excuses for Insecure Software

Finally -- A Solid Measurement of the Scale and Scope of Cyber Attacks

BlackHat Interview -- Taking Advantage of Security Spending Catalysts

Complete our one-minute reader survey and you could have a chance to win a Fortify T-shirt.




The SANS Institute


Off by On: The latest on Software Security Assurance

Fortify On Demand


Security & Privacy


SC Magazine


Complimentary White Paper

Ten Questions You'd Better Ask to be Sure Your Company's Assets are Secure

Most applications today contain security vulnerabilities that can be exploited for profit or malicious use. That's why most hackers target your software, not the network infrastructure, in their attacks. What can you do to be certain your company's software -- and assets -- are secure?

Start by asking TEN essential questions.

What's Your Best Advice?

This Issue's Dilemma:

How can you make the case for software security? 

Our executives are of the opinion that our existing software security program is good enough. We've been lucky and haven't been hacked ... yet. Based on all the headlines I read, I know we have security holes just waiting to be breached, but I can't seem to get software security on the radar and in the budget.

How do you convince the CIO that software security needs more priority?

-- Paul, Web and Applications Manager

Can You Help? Share your experience or your best advice and you could win a Fortify T-shirt!


Previous Issue's Dilemma:

Having cloud security issues?

Our architecture group is talking about moving some services into the cloud. I think they might be underestimating the security problems they'll create, but I need help coming up with specifics and examples. Do readers have any suggestions?

-- J.B.

Read what our readers have to say.

Communication and Leadership

IT Security Managers as Important as Products
Max Huang talks about oversight
by Max Huang, founder and CEO, O2Security - SC Magazine

Ten 2010 Predictions for Cybersecurity
Two security pros discuss the year ahead
by Bill Brenner, Senior Editor, csoonline.com

The Increasing Threat

Obama Names Schmidt to Head Cybersecurity
Tech industry and government veteran appointed
by John Markoff - NY Times

Ten International Organizations Trying to Hack into Your Computer
From espionage to MP3s
from IT Security Editors

Getting Things Done

Strategic Guidance for Applying PCI-DSS Tactics
How sound strategy is boosted by clear tactics
by Steven Fox - csoonline.com

Source Code Analysis Tools
How to choose and use them
by Mary Brandel - csoonline.com


"ConnectedIn Media consulted in the development of our e-newsletter and
made the process easier than we ever expected."

-- Sherry Ramm, Director of Global Marketing

Fortify is concerned about your privacy. We do not rent, sell or exchange email addresses. Copyright 2010, InternetVIZ. All rights reserved. You can write to us at 2215 Bridgepointe Pkwy, Suite 400, San Mateo, CA 94404.
