But does the revised Computer Resiliency Act text calm open-source fears around reporting and liabilities? By Joe Fay The European Union (E.U.) Cyber Resilience Act could be finalized by the end of this year after the member states agreed on a revised text for the controversial cybersecurity legislation. The revised text was agreed this week by the European Council. It includes plans for a single vulnerability reporting platform and clarifies under which circumstances open-source software will be covered by the legislation. The legislation came under criticism from industry bodies for being too prescriptive when it was unveiled by the European... Read more →
46 posts categorized "Software Development"
21 July 2023
E.U.’s Computer Resilience Act Rewrite Clarifies Vulnerability Reporting, Product Classes
Posted by ISC2 Management on 21 July 2023 at 12:30 PM in IT Security, Software Development | Permalink
|
Comments (0)
17 July 2023
New cybersecurity express-learning opportunities with (ISC)² Skill-Builders
Cybersecurity never stands still. It’s a constantly evolving field that requires constant learning to stay in front of cyberthreats. (ISC)² Skill-Builders are a new way to stay current and demonstrate your knowledge of emerging cybersecurity topics. The quick, on-demand learning from cybersecurity’s leading professional organization features content created by industry experts. Learning activities focused on real-world activities ensure the content is accessible and relevant. Anyone can access the courses anytime, anywhere. (ISC)² Skill-Builders dive into the following focus areas: Entry-Level Cybersecurity Skill-Builders - Learn valuable fundamental skills as you pursue a career in cybersecurity. Cloud Security - Get up to... Read more →
Posted by ISC2 Management on 17 July 2023 at 08:00 AM in Cloud Security, Cybersecurity Training, IT Security, Network Security, Operations Security, Risk, Software Development | Permalink
|
Comments (0)
17 February 2023
Analysis: White House Cybersecurity Policy Maker - Secure Open Source Software Even If It Benefits ‘Adversaries’ We Should Do It Anyway
By Joe Fay Resiliency is the endgame of the U.S. approach to internet and software security. The U.S. has a vested interest in creating a secure and resilient internet and software ecosystem, even if it means its “adversaries” also benefit, a White House cybersecurity leader told the State of Open Conference in London late last week. During a panel session on international security policy, Sal Kimmich, director of open source at EscherCloudAI, AI DevSecOps, said researchers uncovering vulnerabilities could face pressure from nation states, and there needs to be a way of protecting them. Microsoft director of open source strategy,... Read more →
Posted by ISC2 Management on 17 February 2023 at 03:00 AM in Government , Malware, Software Development | Permalink
|
Comments (0)
12 September 2022
(ISC)² and Venafi Explore The Strange New World of Machine Identity Management
Earlier this year, (ISC)² hosted a webinar about a new kind of challenge facing cybersecurity: machine identity management. Although this security component has only received sizable attention over the last couple of years, Gartner ranked it among the top eight security trends for 2021. In the webinar, Kevin Bocek, Vice-President of Security Strategy & Threat Intelligence for Venafi, discussed the problems that arise when machine identities fail, infamous machine identity attacks and the protective measures organizations can take. Machine identities – TLS, SSH, and code signing keys and certificates – control encryption, authentication, and code execution for software-based machines such... Read more →
Posted by ISC2 Management on 12 September 2022 at 08:00 AM in Operations Security, Risk, Software Development | Permalink
|
Comments (2)
23 August 2022
The ‘Hottest’ IT Security Technologies in 2022
Did you catch The ‘Hottest’ IT Security Technologies in 2022 webinar? If not, we are here to share the key takeaways. Steve Piper, CISSP, CEO and Founder of CyberEdge Group joined moderator Brandon Dunlap in this initial kickoff of a five-part webinar series discussing key insights from the 2022 Cyberthreat Defense Report. This webinar focused on which security technologies are most widely deployed and most planned for acquisition in 2022. The 2022 Cyberthreat Defense Report is now in its 9th year and surveys 1,200 IT security and decision-makers and practitioners in organizations of 500+ employees. The survey is designed to... Read more →
Posted by ISC2 Management on 23 August 2022 at 08:42 AM in Cybersecurity Workforce, Network Security, Operations Security, Software Development | Permalink
|
Comments (4)
24 February 2022
Igniting Adoption of a Secure Software Development Lifecycle – A Guide for Secure Software Champions
By Cynthia Freeney, CSSLP currently holds the dual role of project manager and security officer. Cynthia's current focus in the security realm is ensuring organizational policies, procedures, processes and security controls are in compliance and will withstand an upcoming SOC 2 Type II audit. There is a consensus among many industry thought-leaders, leaders within small, mid, and major-sized organizations, security researchers, and others regarding the importance of delivering secure solutions and products. An organization's ability to consistently and effectively provide secure products and solutions is predicated on its level of risk awareness, commitment to adopting and auditing processes that promote... Read more →
Posted by ISC2 Management on 24 February 2022 at 07:30 AM in Software Development | Permalink
|
Comments (6)
13 September 2021
What is the impact of software supply chain security challenges?
Digital innovation creates competitive advantage and value for every type of business. Three things are common among corporate software engineering teams: They seek faster innovation They seek improved security They utilize a massive volume of open source libraries Faster innovation does not mean that developers need to reinvent the wheel. Instead, faster innovation demands efficient reuse of code, which has led to a growing dependence on open source and third-party software libraries. Developers are using artifacts into public software repositories (npm, Maven Central, PyPI, NuGet Gallery, RubyGems, etc.) as reusable building blocks. This is the definition of the modern software... Read more →
Posted by ISC2 Management on 13 September 2021 at 08:00 AM in Network Security, Software Development | Permalink
|
Comments (0)
09 August 2021
The Pitfalls of Poor Software Implementation
The importance of apps to businesses Software applications (apps) are at the heart of modern business success and have transformed the way companies handle their operations. A well designed and developed app with user-friendly methodologies and a security and privacy mindset can be very beneficial to a company’s operating, marketing, and sales strategies. Apps benefit businesses in numerous ways, providing credibility, higher productivity, and building trusted relationships with their customers. However, developing an app does not always go as planned. Failures do happen. And when they happen, they create major disruptions and financial losses. Have we learned from past failures?... Read more →
Posted by ISC2 Management on 09 August 2021 at 08:00 AM in Cybersecurity Certifications, Software Development | Permalink
|
Comments (2)
12 July 2021
Security Evangelist or Zealot – Where to Draw the Line
The Bean Counters Many years ago, a car was manufactured with a design flaw resulting in the gas tank catching fire when the car was struck from behind. Many deaths stemmed from this mechanical flaw. It was later revealed during subsequent wrongful death court cases, that the vehicle’s manufacturer was aware of the problem, had performed a risk/benefit analysis, and determined the cost to fix the problem would exceed any penalty levied by the courts. As a software security professional, you may question – what type of software could result in a risk to life? Imagine, however, a faulty calculation... Read more →
Posted by ISC2 Management on 12 July 2021 at 08:00 AM in Cybersecurity Certifications, Software Development | Permalink
|
Comments (0)
13 May 2021
Creating Secure Software Requires More Than Just Motivation
The Power of Positive Thinking Remember the early days of software programming? There were stories about the solitary programmer, toiling late into the night, (and into the next days and nights), working until the creation was complete. These images were corroborated by people such as Shawn Fanning, the creator of Napster, and Mark Zuckerberg, the creator of Facebook. They had more than a mission; they had a vision, and unceasing motivation. Software development has come a long way from those “lone wolf” days. The alumni of those early days have gone on to greater tasks. While the motivation to create... Read more →
Posted by ISC2 Management on 13 May 2021 at 08:00 AM in Cybersecurity Certifications, Software Development | Permalink
|
Comments (1)
26 April 2021
These Roles Require Cybersecurity Training
With data breach rates rising and criminal attack methods becoming more sophisticated each day, it is essential for every organization to take security seriously. That means cybersecurity training and education so that key stakeholders understand the risks that businesses are facing, and which strategies are most effective for protection. Who should receive cybersecurity training in your organization? While your immediate reaction might be to think training should stay with the cybersecurity team, there are actually many roles that would benefit from security knowledge and education. Cybersecurity is a shared responsibility and since many companies do not have a formal security... Read more →
Posted by ISC2 Management on 26 April 2021 at 07:55 AM in Cybersecurity Training, Operations Security, Software Development | Permalink
|
Comments (0)
12 April 2021
Wanted: Software Developers with a Security Mindset
The modern software developer faces an enormous amount of challenges. From continuously creating innovative apps to ensuring high quality and meeting tight deadlines, developers need to cope with many responsibilities. As a result, security is still one of the last priorities on many developers’ minds during the software development lifecycle. Vulnerable Apps Increase Cyber Threats Despite that the 2020 Verizon Data Breach Investigations Report indicates that most data breaches happen through vulnerable web applications, many developers are still hesitant to adopt a security mindset. Even though the news headlines are filled with the names of companies being compromised every day,... Read more →
Posted by ISC2 Management on 12 April 2021 at 08:12 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Software Development | Permalink
|
Comments (0)
09 March 2021
6 Tips to Integrate Security into Agile Application Development
The fast and innovative nature of modern business requires enterprises to become competitive and disrupt their markets. The best way to do that is to incorporate agile methodologies into operational processes. Software development is a business function transformed by agile methodologies. Agile Software Development Benefits Businesses Agile software development is the method of developing high-quality software solutions, web applications and mobile applications, where the requirements and implementations evolve through the collaborative effort of cross-functional teams and their customers. Agile software development focuses on continuous software delivery and requires change even in late development stages. Businesses benefit from agile software development... Read more →
Posted by ISC2 Management on 09 March 2021 at 08:15 AM in Cybersecurity Certifications, Cybersecurity Workforce, Software Development | Permalink
|
Comments (1)
10 February 2021
The Importance of a Good Software Security Policy
Policy is Everywhere Think of every company you have ever worked for. Whether it was a job in a warehouse, or employment in an office, there was always a policy to follow. In fact, when you think back to your earliest days, your family also had policies. Policies are the rules established to keep order within a group. Sometimes, policies are not followed, or are simply ignored. According to a report issued by the Federal Aviation Administration, one of the primary causes of policy failure is a lack of available, current, or well written documentation. That was followed by the... Read more →
Posted by ISC2 Management on 10 February 2021 at 08:45 AM in Cybersecurity Certifications, Software Development | Permalink
|
Comments (0)
17 December 2020
A Recipe for Avoiding Software Failures
Have you ever baked something, only to see it fail due to the lack of a key ingredient? For instance, a cake will not rise if you add baking powder after you realize it was forgotten in the original ingredient list. The same is true for many failed endeavors. The addition of a critical component after the project is completed does little to improve the original plan. In many cases, it introduces unintended complexity that sets off a cascading series of problems. As a security professional, you probably can name a list of software that was released too early, requiring... Read more →
Posted by ISC2 Management on 17 December 2020 at 08:35 AM in Cybersecurity Certifications, Cybersecurity Workforce, Software Development | Permalink
|
Comments (0)
06 February 2020
Open Source & Secure Software Development Are Not Mutually Exclusive
By Dr. Thomas P. Scanlon, CISSP Software Engineering Institute, Carnegie Mellon University Today’s software developers are as much integrators as they are pure coders. There is an abundance of libraries, plug-ins and other third-party software components readily available to speed development. There is no sense in reinventing something when you can just download it, merge it in and move along. Using free and open source software (FOSS) components can save both time and money, so they make for attractive choices. However, including open source software into development projects often makes the cybersecurity professionals in an organization a little uneasy. But,... Read more →
Posted by ISC2 Management on 06 February 2020 at 08:45 AM in Software Development | Permalink
|
Comments (0)
31 January 2020
Certified Secure Software Lifecycle Professional Exam Updates
Last week, IBM’s Security Intelligence blog reported on the highly-discussed cybersecurity skills shortage – and in particular, how some areas are lacking in talent more than others. “Software development is one of the areas most starved of security attention,” wrote Irene Michlin. If you’ve set your sights on specializing in software development cybersecurity, the CSSLP certification is for you. Based on the results of the job task analysis conducted in 2019, the exam will be changing in several ways when it is published later this year. The number of items and the time allowed for the exam will be reduced... Read more →
Posted by ISC2 Management on 31 January 2020 at 09:15 AM in Cybersecurity Certifications, Software Development | Permalink
|
Comments (0)
15 April 2013
Secure Software Development – Closing the Gap between Risk Awareness and Response
by Mano Paul, CISSP, CSSLP, MCSD, MCAD, CompTIA Network+, ECSA As highlighted in the recently released 2013 Global Information Security Workforce Study (GISWS) – the largest vendor-neutral study of its kind conducted by (ISC)2 and analyst firm Frost & Sullivan – the largest gap between information security risk awareness and response exists in the secure software development discipline. In fact, respondents ranked application vulnerabilities as their top concern, making application security and secure software development the highest ranking security concern for the information security profession today. As the first software security certification, the groundbreaking Certified Secure Software Lifecycle Professionals (CSSLP®s)... Read more →
Posted by Mano Paul on 15 April 2013 at 02:00 PM in Risk, Software Development | Permalink
|
Comments (1)
09 April 2013
A Career in Science and Technology – from Nuclear Engineering to Cyber Security
By: Hord Tipton One chooses their career path for different reasons – whether it be following in a parent’s footsteps or an innate desire to help others. I was inspired by a chemistry teacher to pursue a career in chemical engineering and found success in engineering nuclear weapons for Atomic Energy Commission, securing SCADA systems that controlled vital resources such as the Hoover Dam, and enhancing information and software security standards through credentials and education. Throughout my vast career, I’ve seen computers shrink from room-sized to pocket-sized with more power in one device today than throughout an entire operating system... Read more →
Posted by Hord Tipton on 09 April 2013 at 09:15 AM in IT Security, Operations Security, Software Development | Permalink
|
Comments (0)
21 November 2010
Project Quant
Project Quant is supposed to be a database security framework. At this stage it seems to be a decent outline of security in general, although there doesn't appear to be much in place that is particular to database security as a specialty. Read more →
Posted by Rob Slade on 21 November 2010 at 05:13 PM in Cybersecurity Training, IT Security, Operations Security, Software Development | Permalink
|
Comments (0)
Search
Categories
- Center for Cyber Safety and Education (52)
- Cloud Security (137)
- Cybersecurity Certifications (387)
- Cybersecurity Training (315)
- Cybersecurity Workforce (254)
- Digital Forensics (30)
- Ethics (53)
- Government (127)
- Insider Risk (57)
- ISC2 Chapters (22)
- ISC2 Events (166)
- IT Security (389)
- Legal (46)
- Malware (116)
- Network Security (178)
- Operations Security (144)
- Privacy (117)
- Ransomware (90)
- Risk (204)
- Software Development (46)
- Spotlight (71)