
Weapons for the Hunt:

Methods for Software Risk Assessment

According to NIST, more than 93% of reported vulnerabilities are software vulnerabilities, exposing organizations to risk of attack, and yet most organizations lack the information necessary to proactively locate and remediate these threats. Rather than relying on network security technologies to defend against attacks on application-level vulnerabilities, organizations are now turning their attention to software vulnerability assessment and secure programming best practices in order to minimize the risk presented by the applications themselves.

This paper discusses the tools available for understanding and managing vulnerabilities in source code, including manual code review, penetration testing, and source code analysis. It covers the advantages and disadvantages of each, their place in the software development lifecycle, and how to best employ security assessment data in a more effective software risk management strategy.
