Code Security: A survival guide

Looking for ideas to improve how code security is done in your enterprise? Here are several.

Code security is something companies have struggled with for some time. In the rush to make new websites and applications available to customers, vulnerabilities are inevitably left behind.

But more companies are starting to realize security must be baked into their code from the very beginning. The question is how best to get there.

To help answer that question, CSO has assembled a collection of related articles, podcasts and columns in one place for quick study and practical solutions.

UPDATED 2/23/2011

Software security for developers

In-depth strategies for writing secure code. 9 key principles and practical advice.

Software security basics for application development managers

Fewer security holes means better software quality and lower costs. Expert guidance on building and managing a software security program that pays off.

Code Security: MidAmerican Energy's top priority after SQL injection attacks

Security practitioners are increasingly bent on better code security, as Microsoft SDL, BSIMM and Rugged demonstrate. Here's how it became Priority 1 for one of the nation's largest energy providers.

'Unbreakable' was a stretch, 'Rugged' more attainable

CSO Senior Editor Bill Brenner on why the Rugged Software initiative is a big step forward in the quest for cybersecurity.

A New Hope for Software Security?

Security firms Fortify and Cigital introduce a new maturity model to help companies make software that's more secure than you can possibly imagine. But is the Force with them?

Inside Oracle's security assurance program

Oracle CSO Mary Ann Davidson walks SOURCE Boston attendees through her company's evolving secure coding effort.

Secure coders, take note: BSIMM2 released

Cigital CTO Gary McGraw and CSO Senior Editor Bill Brenner discuss the rollout of BSIMM2 and what it means for the future of secure software

Source Code Analysis Tools: How to Choose and Use Them

Source code analysis (or static analysis) software helps keeps buggy code from seeing the light of day.

How to evaluate and use Web application security scanners">

Specialized application penetration testing tools and services can help keep websites from serving as a front door for hackers and malware, feeding valuable intelligence back to your application development team.

Code Writers Finally Get Security? Maybe

A new study finds software writers increasingly intent on baking security into their code writing, and Microsoft gets high marks for helping the process along.

Microsoft Launches New Security Approach

Microsoft will soon release tools and methods it has used over the last few years to reduce the number of security problems in its software.

Security Smart: 4 Common Password Myths ... Debunked!