O Budget Where Art Thou? Getting Application Security Funded With BSIMM
The first hurdle to running any successful Application Security program is getting it adequately funded. This should come as no great surprise to anyone. Software security is no different than any...
Food for Thought: Mobile Application Security & HIPAA
As a pentester, it’s always a different story when we are the ones writing the report. Being on the receiving end is stressful, even more so when you throw compliance into the mix. I figured since I...
Lawsuits, Regulations and Third-Party Security
Every year the world seems to grow a little more regulated – and punitive. We’re now seeing banks suing retailers and compliance management firms over PCI assessments. And the recent breach in...
Software Security: At the Front Line of Data Protection
A report released in the UK this week nicely highlighted the link between software security and data protection, a very hot topic this side of the pond in the midst of EU regulation reform and...
NIST Updates Guidance On Securing Software Supply Chains
An updated guide on risk management practices recommends that companies pay more attention to the security of their software supply chain. A draft release of an updated risk management guide from the...
Why Did the Chicken Cross the Road? To Get Its 3rd-Party Applications Secured!
In the revisions to PCI DSS, now on version 3.0, the PCI Security Council added a note to Requirement 6.3, extending the secure software development mandate to include all custom, third-party developed...
Are You Trustworthy? UK Outlines Third-Party Software Security Specifications...
I may be one of the few people that gets excited about regulations, controls, and guidance. But I suspect that there are many cyber security leaders that are excited and encouraged by the newly...
First Prioritize, Then Patch: Yes, Another Blog on PCI 3.0
Your scan results may have you feeling a bit overwhelmed but our actionable data and sorting can help streamline your remediation efforts! In November’s update to PCI DSS, now on version 3.0, you may...
Med Tech’s Promiscuity Problem
A roundtable discussion of medical device security finds that innovation in the connected health space is outstripping security. And the problem will get worse before it gets better. Physicians are...
PCI Compliance & Secure Coding: Implementing Best Practices from the Beginning
Is your SDLC process built on a shaky foundation? A lot of the revisions to PCI DSS point toward the realization that security must be built into the development process. The foundation that ultimately...