IN THIS ISSUE:
SPOTLIGHT ARTICLES
Beyond Bugs: Scanning Code for Design Flaws
Ounce Announces Integration with Leading Pen Testing Solutions
Updated PCI Standards Require Source Code Analysis
Securing the SDLC: An Expert Webinar
Q&A With Brent Huston, CEO of Microsolved, Inc.
IN THE NEWS
Software security: How closely should you look?, The Globe and Mail
A Process for Performing Security Code Reviews, IEEE Computer Society
UPCOMING EVENTS

SPOTLIGHT ARTICLES
Beyond Bugs: Scanning Code for Design Flaws
Software security is not just about eliminating coding errors; it also means having security mechanisms in place in the code, implemented properly, that protect data integrity and ensure privacy. This article discusses the range of design flaws and issues that must be considered, and scanned for, as part of any source code security review.
Ounce Announces Integration with Leading Pen Testing Solutions
In an effort to provide customers with the most flexible and accurate approach to vulnerability remediation, Ounce Labs has announced product integration that combines its product’s source code assessment results with findings from Cenzic® Hailstorm®, SPI Dynamics™ WebInspect™, and Watchfire® AppScan®. Find out more about this important step in identifying exploitable vulnerabilities.
Updated PCI Standards Require Source Code Analysis
The major credit card vendors recently updated the mandated security requirements for any of their members, merchants and service providers that store, process or transmit cardholder data. This standard includes specific instructions to analyze web-facing applications for common security vulnerabilities. Get the latest details.
Securing the SDLC: An Expert Webinar
How do you improve software security during the development lifecycle? How can you effectively combine your organization's development skills and security expertise to deliver more secure software? This expert webcast features actionable advice from two of the industry's leading experts on application security, Dr. Herbert H. Thompson from Security Innovation, and Ryan Berg of Ounce Labs.
Read a brief Q&A
Brent Huston, CEO of MicroSolved, a provider of risk management consulting for Fortune 500 corporations and government agencies, sat down recently for a brief conversation with SSA Update about recent trends in the threat landscape and the impact on organizational approaches to operational security and data privacy.
IN THE NEWS
Software security: How closely should you look?
The Globe and Mail
Shane Shick, editor of ITBusiness.ca, writes of the growing need to understand the security state of the third-party software on which operations rely. The article features Ounce Labs CTO Jack Danahy discussing some possible approaches to validating the security of outsourced and packaged software.
A Process for Performing Security Code Reviews
IEEE Computer Society
Renowned Microsoft software security expert Michael Howard outlines his recommended process for effectively analyzing source code for vulnerabilities.
Ounce 4 Nominated: SC Magazine Readers Trust Award for Best Security Software Development Solution
Don't forget to cast your vote! (Deadline Oct. 13)

OUNCE ANNOUNCES

UPCOMING EVENTS