Software Security at EMC: The Journey So Far

As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog post to …

Reeny Sondhi June 25th, 2013

Secure Product Deployment: A Team Sport

Year after year, studies such as the Verizon Data Breach Investigation Report show software vulnerabilities and misconfiguration among the main data breach causes. At EMC, we operate under the assumption that securing a product in a customer environment is a team sport between the product vendor and the customer deploying …

Eric Baize May 4th, 2013

SAFECode Welcomes Howard Schmidt

Today, SAFECode announced the appointment of Howard Schmidt as its new Executive Director. At a time when Cybersecurity has become a top priority for governments in the US and around the world, Howard’s experience and reputation will help SAFECode be more effective in promoting proven software assurance practices across the …

Eric Baize February 25th, 2013

SAFECode Releases Software Security Guidance for Agile Practitioners

In the Product Security Office, we often get questions from developers across the industry on how to apply EMC’s Security Development Lifecycle to an Agile development model. Software security practices have been traditionally considered as suitable for serial waterfall development methodologies and there has been a lot of debate in …

Reeny Sondhi July 26th, 2012

Secure Software is Getting High Level Attention

On May 15th and 16th in Washington, D.C., hundreds of secure software practitioners gathered for the first Security Development Conference organized by Microsoft. What made this conference unique was not so much the focus on secure software practices as it was the quality of the speakers and of the attendees.

Eric Baize May 21st, 2012

Happy Anniversary to Microsoft Trustworthy Computing Initiative

Ten years ago this month, Bill Gates issued a memo to all Microsoft employees announcing the Trustworthy Computing Initiative. Development was halted for several weeks to review code and to train Microsoft software engineers on security. This memo was later followed by the publication of Microsoft’s Security Development Lifecycle, as …

Eric Baize January 25th, 2012

Software Security Meets Critical Infrastructure

This week, SAFECode announced the addition of Siemens as its newest member. SAFECode, the Software Assurance Forum for Excellence in Code, was co-founded by EMC and other leading technology providers in 2007 to advance the adoption of effective software assurance methods. Siemens joins Adobe, EMC, Juniper Networks, Microsoft, Nokia, SAP …

Eric Baize November 8th, 2011

EMC Security Development Lifecycle featured at GFIRST 2009

About a month ago, Reeny Sondhi from EMC’s Product Security Office presented EMC’s approach to securing products. She explained how SQL Slammer, IP storage, regulations and EMC’s acquisition strategy have influenced our approach to product security. Reeny also described our internal programs. Her presentation ‘A Vendor Approach to Secure Software …

Eric Baize October 1st, 2009

A Security Engineering Training Framework

If there is one topic on which most security practitioners agree, it is the fact that employee training must be part of your organization’s security strategy. For IT users, the field of security training is pretty mature. Many of us go through yearly mandatory training reminding us to use passwords …

Eric Baize May 12th, 2009

“My software is secure, I use encryption!”

“My software is secure, I use encryption!” How many times have we, software security practitioners, heard this when engaging with software development teams? I certainly have, and this is typically followed by a barrage of questions to the development team that signifies that they are about to enter a tumultuous …

Eric Baize April 17th, 2009