SEARCH RESULTS
 
Showing 1-10 of 70 records
 
"Walking" with the SDL - Part 3

2008-07-23 16:43:00 by sdl in The Security Development Lifecycle
 
...reviews and managing post-release documentation. Formalize Requirements for long-term use. Now that you are making security development a lifecycle, it is time to lock down and formalize your security requirements. At this point, you need to take what you've learned and begin translating your security principles into something that can apply to...

Oh No! Security Metrics!

2008-04-18 12:43:00 by sdl in The Security Development Lifecycle
 
...reviews, code reviews, black box testing and other security procedures needed to make our products more secure. Everyone in the industry covets their expertise because it's in short supply, and so we've competed to bring in the most capable people - as employees, contractors and advisors. These experts, helping us execute the SDL, have helped...

Walking with the SDL Part 2

2008-07-21 16:56:00 by sdl in The Security Development Lifecycle
 
...reviews. Then we will close with the discussions on conducting final security reviews, and managing post-release documentation. I'd like to hear if anyone is using the concept of crawling and walking to implement SDL in your company. Do you provide security training to your employees today? Do these additional training topics make sense in your...

"Walking" with the SDL - Part 4

2008-07-25 20:49:00 by sdl in The Security Development Lifecycle
 
...reviews and managing post-release documentation. Formalize your Final Security Review (FSR) Process. A Final Security Review is your final security audit to ensure your software is secure enough to deliver to your customers. I will assume the idea of an FSR is a new concept and try to provide some FAQ-style detail on this topic. Who is the FSR...

About the SDL Pro Network

2008-09-19 03:12:00 by sdl in The Security Development Lifecycle
 
...reviews, code reviews, penetration testing, training and other tasks critical to SDL implementation were (and are) common fare for these folks. Despite the customer demand for SDL that I alluded to above, starting with a small pilot was the right thing to do; a small group of trusted consultancies supports our imperative for quality and it...

TRICARE breach affects 4,700 households

2007-12-20 12:15:59 by Evan Francen in The Breach Blog

...reviews commensurate with the risk to such information (unauthorized disclosure, alteration or destruction). This seems to be a case where you have an IT contractor in charge of design, implementation and maintenance of an application (typically with functionality as a driving factor) but also in charge of maintaining its security....

Passport Canada web site suffers serious breach

2007-12-05 11:51:09 by Evan Francen in The Breach Blog

...reviews. Cut corners, lose data. Simple. Commentary: This is such a simple security oversight with such large ramifications. Who knows how long the information contained on the site was exposed or how long the vulnerability existed? Anonymous Coward (in the comments above) stated it right, this is negligence and cluelessness. Me reminiscing...

Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...reviews and audits, corporate leaders advance the goal of overseeing the organization's information security program and ensuring its continuous improvement and success. To fulfill its potential, the internal audit function needs to: Know what they are doing (i.e., have the skills to perform appropriate security audits). Have a long term...

Larry Suto's Paper Drama

2008-01-02 14:53:30 by RSnake in ha.ckers.org web application security lab
 
...reviews about why each are good/bad in their own rights, please send me a request to do so with access to whatever scanner you want me to test. I'll be happy to oblige, time permitting. Next, let me talk about the actual topic at hand. I was not involved in the technical aspects of how Larry Suto built his test environment. I was aware of the...

Skipton Financial Services personal customer data on stolen laptop

2008-01-04 22:21:58 by Evan Francen in The Breach Blog

...reviews of the consultant's information security practices throughout the life of the contract. Past Breaches: Unknown