Build management and Governance
Don’t break the build. There is absolutely no question that the build process is a pivot in the software quality process. Build every day, don’t break the build and do a smoke test before releasing the latest version. This morning, I installed the latest build of an extremely complex network security product from one of […]
Practical security management for startups
We normally associate the term “small business” or SME (small to medium sized enterprise) with commercial operations that buy and sell, manufacture products or provide services – lawyers, plumbers, accountants, web developers etc… However – there is an important class of small business operations that is often overlooked when it comes to information security and […]
Medical device security in a hospital network
Medical devices are everywhere today. In your doctor’s office measuring your blood pressure, at your cosmetician (for hip reduction…) and in the hospital for everything from patient monitoring to robot-assisted surgery. The people who develop embedded medical devices based on Intel platforms know that Windows is vulnerable. Lacking embedded Linux know-how, medical device developers often […]
Customer security with software security
If you are an IT person, this article may be a waste of your time. But – if you are in the business of making and delivering products with software inside – read on. What threats really count for your business? No question is more important for implementing an effective security and compliance program for your […]
2009 CWE/SANS Top 25 Most Dangerous Programming Errors
I’ve been telling customers for years that most security exploits are caused by a small number of software defects (you can download my white paper on Software Security and see how to mitigate enterprise software vulnerabilities systematically using business threat modeling). Still, it’s amazing how the trade press is gushing on this – must have […]