EMC Product Security Sessions at the RSA Conference

This week in San Francisco, tens of thousands of security professionals are gathering for the RSA Conference. For the seventh year in a row, representatives from EMC’s Product Security Office have been selected by the conference program committee to speak in a session. If you are at the conference, …

Eric Baize February 25th, 2014

Open Trusted Technology Provider Accreditation Program

How does one measure the best product-related practices that may be in place in the world of Commercial Off-the-Shelf Technology (COTS)? Often specific versions of an Information and Communication Technology (ICT) product are certified by a third party “Lab” that can examine the state of that version in terms of …

Dan Reddy February 4th, 2014

The BSIMM Nouveau Has Arrived

Gary McGraw’s team at Cigital just released version 4 of the BSIMM, the Building Security In Maturity Model. BSIMM is a survey of how software development organizations across many industries approach software security. It provides a good picture of the arsenal of techniques available to software security practitioners. EMC has …

Eric Baize September 18th, 2012

The Case for Supply Chain Integrity

A couple of recent incidents are shedding some light on the complexity of ensuring software code integrity throughout the supply chain. In the first incident, nothing more than a USB battery charger connected to a USB port can turn your PC into a zombie under the control of attackers (see …

Eric Baize March 15th, 2010

Defining Software Assurance

The term “software assurance” is often used interchangeably with the term “software security” to refer to the practices of avoiding and detecting unintentional vulnerabilities during the software development process. In a report published on July 29th, 2009 and entitled “The Software Supply Chain Integrity Framework – Defining Risks and Responsibilities …

Eric Baize July 29th, 2009