Code Security: A survival guide

Looking for ideas to improve how code security is done in your enterprise? Here are several.

By , Senior Editor

May 26, 2010, CSO

Code security is something companies have struggled with for some time. In the rush to make new websites and applications available to customers, vulnerabilities are inevitably left behind.

But more companies are starting to realize security must be baked into their code from the very beginning. The question is how best to get there.

To help answer that question, CSO has assembled a collection of related articles, podcasts and columns in one place for quick study and practical solutions.

UPDATED 2/23/2011


Software security for developers
In-depth strategies for writing secure code. 9 key principles and practical advice.

Software security basics for application development managers
Fewer security holes means better software quality and lower costs. Expert guidance on building and managing a software security program that pays off.

Code Security: MidAmerican Energy's top priority after SQL injection attacks
Security practitioners are increasingly bent on better code security, as Microsoft SDL, BSIMM and Rugged demonstrate. Here's how it became Priority 1 for one of the nation's largest energy providers.

'Unbreakable' was a stretch, 'Rugged' more attainable
CSO Senior Editor Bill Brenner on why the Rugged Software initiative is a big step forward in the quest for cybersecurity.

A New Hope for Software Security?
Security firms Fortify and Cigital introduce a new maturity model to help companies make software that's more secure than you can possibly imagine. But is the Force with them?

Inside Oracle's security assurance program
Oracle CSO Mary Ann Davidson walks SOURCE Boston attendees through her company's evolving secure coding effort.

Secure coders, take note: BSIMM2 released
Cigital CTO Gary McGraw and CSO Senior Editor Bill Brenner discuss the rollout of BSIMM2 and what it means for the future of secure software.

Source Code Analysis Tools: How to Choose and Use Them
Source code analysis (or static analysis) software helps keep buggy code from seeing the light of day.

How to evaluate and use Web application security scanners
Specialized application penetration testing tools and services can help keep websites from serving as a front door for hackers and malware, feeding valuable intelligence back to your application development team.

Code Writers Finally Get Security? Maybe
A new study finds software writers increasingly intent on baking security into their code writing, and Microsoft gets high marks for helping the process along.

Microsoft Launches New Security Approach
Microsoft will soon release tools and methods it has used over the last few years to reduce the number of security problems in its software.

Read more about application security in CSOonline's Application Security section.

Other stories by Bill Brenner
