Secure Design in the Limelight

The launch last week of the IEEE Center for Secure Design is an opportunity to remind the industry of the prominent role of secure design in building secure IT products. Security engineering requires three main technical activities: secure design, secure coding and security testing. Much of the emphasis has been put by …

Eric Baize September 2nd, 2014

EMC Product Security Sessions at the RSA Conference

This week in San Francisco, tens of thousands of security professionals are gathering for the RSA Conference. For the seventh year in a row, representatives from EMC’s Product Security Office have been selected by the conference program committee to speak in a session. If you are at the conference, …

Eric Baize February 25th, 2014

BSIMM-V: Software Security is Becoming Mainstream

This week’s release of the fifth version of the Build Security In Maturity Model (BSIMM-V) reinforces a trend that many of us in the small world of software assurance are witnessing: Developing secure software is no longer the privilege of a few. I have been closely involved with the BSIMM …

Eric Baize November 1st, 2013

Software Security at EMC: The Journey So Far

As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog post to …

Reeny Sondhi June 25th, 2013

Software Security Training for All

Fifteen years ago, a common representation of the hacker was a computer science college student hacking systems from his or her dorm room. Nowadays hackers operate on a different scale; they are more often affiliated with criminal organizations or nation states than with colleges or universities. The only thing …

Eric Baize May 14th, 2013

EMC’s Approach to Vulnerability Response

Let’s face it – real software products have security vulnerabilities! While building strong secure software development practices goes a long way towards detecting and helping to eliminate security vulnerabilities during the development process, a strong product security program also needs to be prepared to properly handle and respond to security …

Reeny Sondhi December 14th, 2012

Real Software Does Have Bugs (and Vulnerabilities Too)

I was recently interviewed by a business journalist at CNBC for a story on high-profile software glitches that impacted operations of a trading company and an airline. The interviewer was seeking insights into the relationship between these glitches and security. These interviews are always a refreshing opportunity to explain complex …

Eric Baize September 6th, 2012

SAFECode Releases Software Security Guidance for Agile Practitioners

In the Product Security Office, we often get questions from developers across the industry on how to apply EMC’s Security Development Lifecycle to an Agile development model. Software security practices have been traditionally considered as suitable for serial waterfall development methodologies and there has been a lot of debate in …

Reeny Sondhi July 26th, 2012

Happy Anniversary to Microsoft Trustworthy Computing Initiative

Ten years ago this month, Bill Gates issued a memo to all Microsoft employees announcing the Trustworthy Computing Initiative. Development was halted for several weeks to review code and to train Microsoft software engineers on security. This memo was later followed by the publication of Microsoft’s Security Development Lifecycle, as …

Eric Baize January 25th, 2012

Secure Software Development Practices: Make Room on your Bookshelf

When I started EMC’s product security initiative more than eight years ago, useful information on the topic was scarce and my technical bookshelf was limited to “Writing Secure Code” by Microsoft’s Michael Howard and David LeBlanc, some work from Cigital’s Gary McGraw and an interview of Oracle’s MaryAnn Davidson. A …

Eric Baize February 10th, 2011

EMC Security Development Lifecycle featured at GFIRST 2009

About a month ago, Reeny Sondhi from EMC’s Product Security Office presented EMC’s approach to securing products. She explained how SQL Slammer, IP storage, regulations and EMC’s acquisition strategy have influenced our approach to product security. Reeny also described our internal programs. Her presentation ‘A Vendor Approach to Secure Software …

Eric Baize October 1st, 2009