Today Sonatype and HP announced Sonatype’s Component Lifecycle Management (CLM) analysis technology has been integrated into HP’s cloud-based software security solution – HP Fortify on Demand.
It just wouldn’t be the holiday season without a report of another major security breach. This time Target is the victim and, true to form, the shame and blame game follows. At this point it shouldn’t come as a surprise to anybody that compliance doesn’t equal secure. Even though the full details of the attack are unknown, you […]
DevOps is certainly the buzzword of the year. Everywhere you turn, people are referring to DevOps and Continuous Delivery. It seems as though the final frontier to developer productivity has arrived. The reality, which is what large organizations deal with on a day to day basis, is like all development methodologies in the past; the […]
The latest news hitting the wire, the internet, the blogosphere and the social media circuit is the hack of the Apple developer site that was acknowledged by Apple. To no one’s surprise, this was followed by the typical shame and blame game. I don’t know about you but I am getting a little tired of the sensationalist […]
I recently attended and gave a brief talk at the Software Assurance Working Group. I spoke about the need for security folks to speak with developers – not at them. This is a frequent topic in the security space but I have to question, have we gotten any better? My answer – “Not so much”. […]
Do vulnerability counts from sources like the National Vulnerability Database (CVE data) and Open Source Vulnerability Database (OSVDB) really matter? A recent article by Robert Lamos at darkREADING, questioned the usefulness of the metrics generated by these reports since the counts don’t add up. Looking at the trends, it’s been easy to see that vulnerabilities are increasing, but […]
Over the past week, there have been several articles, blog posts and statements from security institutes about the latest release of the OWASP Top 10. Now is the right time to join the discussion. All this chatter doesn’t come as a surprise to me or others that have been long-time participants in the application security space. […]
I’m glad to see that Simon Phipps, independent open source consultant and a director of the Open Source Initiative, promotes the need to manage components effectively. In his recent InfoWorld article he notes: “Cyber security is on the national political agenda, but do we really understand what it takes to be secure? Now that enterprise […]