For many years now, we've heard the experts preach about the need for more secure code writing at the very start of a product's development.
The good news is that this has led to the creation of several strong coding standards. The bad news is that it can be difficult for developers to sort through all the different guidelines in front of them.
It's not unlike the confusion IT security executives sometimes feel when trying to find the common threads floating in all the regulatory soup they've been told to drink.
To make things a bit easier, we've developed a vast collection of stories that sort through the different standards and the common elements within them all.
We covered one batch of articles in the first code security survival guide. This installment rounds up our coverage from the two years since then.
Rugged DevOps: In search of the defensible infrastructure
DevOps moves too fast to build security into the process, some say. Not true, say others who believe one just needs to get a little Rugged.
Right now, the most tangible part of Rugged is its manifesto, which is aimed at developers. But to succeed, it needs to be something more. Much more.
Most companies skimp on third-party code checks, study finds
Despite all of the talk surrounding the importance of software quality, a study released today shows few companies are walking the secure development walk.
More secure software brought to you by the acronyms WRT and SQR
HP's Rafal Los on what organizations can do -- today -- to improve the security of the applications they develop.
How security can add value to DevOps
Gene Kim, award-winning entrepreneur, researcher and founder of security firm Tripwire, walks us through his vision.
Secure coding news flash: BSIMM3 coming
BSIMM3 will let organizers see how initiatives have evolved. One of its new features is the result of the group going back and re-measuring 12 of the original initiatives to see what changes and improvements have been made over time.