AppSec Blog: Tag - software security

Dealing with security vulnerabilities ... er... bugs

A serious problem in many organizations is that the relationship between security and development is marred by blame, mistrust, evasion and lack of understanding. One result of this is that development teams (and their business sponsors) don't take ownership for understanding and managing software security risks, and often try to ignore vulnerabilities or hide them. …


Checklists, software and software security

There are practical applications of checklists in many different fields. Aviation, project engineering, now even surgery. But what about software? Sure, checklists are sometimes used in code reviews, to good effect. But can we do more, can we get the same thing out of checklists that pilots do, or that surgeons do?