October/November 2004 Volume I, Issue 1
SPOTLIGHT ON: Software Assurance
Welcome to the inaugural issue of SVRM Update, a bimonthly newsletter from Ounce Labs that covers the developing arena of software vulnerability risk management. This issue explores the imperatives and solutions for software assurance, from the perspective of government, industry experts, and Ounce Labs security specialists. Future issues will spotlight web application security and software vulnerability metrics.
IN THIS ISSUE:
SPOTLIGHT ARTICLES
• Gartner Says: Early Remediation Most Cost-Effective
• Weapons for the Hunt: Methods for Software Risk Assessment
• Q & A WITH BILL CROWELL, Deputy Director of the NSA
IN THE NEWS
• U.S. government agencies aim for software assurance
• The Outsourcing Hole
WEBCAST ALERT
OUNCE POLL
OUNCE ANNOUNCES
UPCOMING EVENTS
SPOTLIGHT ARTICLES
Gartner Says: Early Remediation Most Cost-Effective
Incorporating software assurance early in the development cycle pays off. Gartner recently estimated the cost of removing a vulnerability during testing to be less than 2 percent of the cost of removing it from a production system. Read this analysis of the cost savings associated with early remediation.
Weapons for the Hunt: Methods for Software Risk Assessment
Recognizing the risks posed by software vulnerabilities, many organizations are evaluating the range of tools and services available to assist in remediation and risk management. Dan Hestad, CISSP, a former Global Network Vulnerability Analyst for the National Security Agency and now with Ounce Labs, describes how to evaluate the available options and determine their most effective deployment in your software development lifecycle.
Read a brief Q&A with Bill Crowell, former Deputy Director of the National Security Agency, who recently spoke with Ounce Labs on the threats confronting our critical IT infrastructure.
IN THE NEWS
U.S. government agencies aim for software assurance
Grant Gross of the IDG News Service writes on the Federal Government’s recent efforts to work with vendors towards more secure software. Read about the inaugural Software Assurance Forum, sponsored by the Department of Defense and the Department of Homeland Security.
The Outsourcing Hole
Matthew French with Federal Computer Week examines the risks associated with outsourcing application development, and what some organizations are doing to mitigate that risk.
WEBCAST ALERT
Five Hidden Tactics for Secure Programming
James Foster, Deputy-Director of Global Security Solution Development for CSC, speaks on searchsecurity.com on “proper techniques and management tasks to finally ensure secure coding practices”. View it today!


OUNCE POLL
How does your organization currently audit software for vulnerabilities? (check all that apply)

UPCOMING EVENTS
October 27, 2004
Cyber Security in the Financial Services Sector Executive Summit, NYC: panel participation and product demonstrations.
November 8-10, 2004
Computer Security Institute Conference, Washington, DC: Dan Hestad, CISSP, to present on methods for software vulnerability risk management.

OUNCE ANNOUNCES