Program Levels 5 to 6 – from Improved to Optimized This is the final post in a series on the Application Program Maturity Curve. In this series, we’ve advocated that Application Security is best pursued as a sustained, policy-driven program that employs proactive, preventative methods to manage software risk. This Maturity Curve model has been validated by Veracode using the real world results of… READ MORE

Program Levels 3 to 4 – from Baseline to Integrated This is post three in a series on the Application Program Maturity Curve. A dedicated and rigorous Application Security Program is best pursued as a sustained, policy-driven program that employs proactive, preventative methods to manage software risk. It will deliver an effective software security strategy that addresses both immediate and… READ MORE

Program Levels 1 to 2 – from Ad-Hoc to Blueprint This is post two in a series on the Application Program Maturity Curve, you can read the first post of this series here. As we’ve discussed, the program maturity model for Application Security has six levels. You should be able to recognize at which stage of the curve your particular organization is. The easiest one to recognize is an approach to… READ MORE

  About the Appsec Program Maturity Curve – a good model to follow… As information security professionals, we must pursue any opportunity to evolve our approach to application security. Most enterprises with in-house development teams do some kind of ad-hoc appsec testing, usually during the QA process. But maybe you think it’s time to do more than that, to get a bit more proactive in confronting… READ MORE

The first hurdle to running any successful Application Security program is getting it adequately funded. This should come as no great surprise to anyone. Software security is no different than any other IT initiative. Even a willing security team who has considered the ways needs to find the means, and that involves making a compelling case to those that hold the purse strings. For those of us… READ MORE

Data integrity is a fundamental component of information security. In its broadest use, “data integrity” refers to the accuracy and consistency of data stored in a database, data warehouse, data mart or other construct. The term – Data Integrity - can be used to describe a state, a process or a function – and is often used as a proxy for “data quality”. Data with “integrity” is said to have a… READ MORE

In addition to bringing you the latest in AppSec research and news in this blog, we will begin presenting short educational briefings on key subjects within the application security space. We hope you will enjoy and learn from these short posts. We value your opinion, so please let us know if there are any concepts or topics you would like to hear about from us. Today, I would like to pen my… READ MORE