
11 matches found

ThreatPost
added 2016/10/12 11:45 a.m., 10 views

Gary McGraw on BSIMM7 and Secure Software Development

Mike Mimoso talks to Cigital CTO and software security pioneer Gary McGraw about the latest results pulled from the Building Security In Maturity Model BSIMM. The framework measures the secure development activities of some of the world’s largest software companies and enterprises and can be used...

2.1 AI score
Exploits: 0, References: 3

ThreatPost
added 2015/10/28 9:00 a.m., 10 views

Gary McGraw on Software Security and BSIMM6

Mike Mimoso talks to Cigital’s Gary McGraw about software security and analysis from the sixth version of the Building Security in Maturity Model report. Download: garymcgraw102715.mp3 Music by Chris Gonsalves...

3.4 AI score
Exploits: 0, References: 2

ThreatPost
added 2014/05/09 2:56 p.m., 10 views

IBM Patches Predictable Output Problem in SecureRandom PRNG

Details have surfaced on a recently patched vulnerability in IBM’s SecureRandom pseudo-random number generator that could allow an attacker to predict its output. Only the default SecureRandom implementation in the IBM Java Cryptography Extension JCE framework is vulnerable; IBM recommends that...

0.3 AI score
Exploits: 0, References: 4

securityvulns
added 2014/05/05 12:00 a.m., 36 views

[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults

CVE-2014-0073: Apache Cordova In-App-Browser privilege escalation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 Cordova In-App-Browser iOS standalone plugin org.apache.cordova.inappbrowser...

7.5 CVSS, 3 AI score, 0.11445 EPSS
Exploits: 2

securityvulns
added 2014/05/05 12:00 a.m., 28 views

[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults

CVE-2014-0072: Apache Cordova File-Transfer insecure defaults Severity: Important Vendor: The Apache Software Foundation Versions Affected: Cordova File-Transfer iOS plugin from Cordova versions 2.4.0 to 2.9.0 Cordova File-Transfer iOS standalone plugin org.apache.cordova.file-transfer versions...

5 CVSS, 2.8 AI score, 0.01489 EPSS
Exploits: 1

securityvulns
added 2013/10/28 12:00 a.m., 61 views

CA20131024-01: Security Notice for CA SiteMinder

CA20131024-01: Security Notice for CA SiteMinder Issued: October 24, 2013 CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability,...

4.3 CVSS, 0.2 AI score, 0.00366 EPSS
Exploits: 0

ThreatPost
added 2013/04/15 2:45 p.m., 8 views

How I Got Here: Gary McGraw

Dennis Fisher talks with Gary McGraw, CTO of Cigital, about his childhood as a violin prodigy, his early introduction to personal computers with the Apple II, his start in software security and the state of the discipline today. Download: 04garymcgraw.mp3...

3 AI score
Exploits: 0, References: 2

ThreatPost
added 2010/05/12 1:56 p.m., 8 views

Gary McGraw on BSIMM2, Software Security and Cargo Cult Science

Dennis Fisher talks with Gary McGraw of Cigital about the release of the BSIMM2 model, the continued maturing of software security programs and the similarities between computer security and cargo cult science. Podcast audio courtesy of Where’s Aubrey. Subscribe to the Digital Underground podcast...

1.9 AI score
Exploits: 0, References: 2

ThreatPost
added 2010/02/09 3:03 p.m., 12 views

Gary McGraw, Cigital

Like Geer, Gary has a unique view of the security world, one that is informed by his background in cognitive science and philosophy. He just doesn’t come at questions or problems the way that most people do, and that makes for interesting conversations. Gary’s among the top experts on software...

1.4 AI score
Exploits: 0

ThreatPost
added 2009/11/06 8:05 p.m., 10 views

Gary McGraw on Software Security, the BSIMM Model and Critical Thinking

Dennis Fisher talks with Gary McGraw, CTO of Cigital, about the BSIMM security model, the maturation of software security and whether our universities are turning out critical thinkers. Podcast audio courtesy of Where’s Aubrey Download Subscribe to the Digital Underground podcast on...

2.4 AI score
Exploits: 0, References: 4

ThreatPost
added 2009/03/05 9:20 p.m., 15 views

Can we learn from Microsoft and Google on security?

Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure. The authors developed the model by studying the security practices at...

0.5 AI score
Exploits: 0, References: 3