Building security into the SDLC Software development life cycle

  • May 11, 2016 11 May'16

    SourceClear offers free security tool for open source code projects

    It's a scary world out there, but developers are in a rush to release. SourceClear Open gives developers the tools to make open source code projects more secure for free.

  • April 27, 2015 27 Apr'15

    Data privacy lawyer explains 'data by design'

    Data privacy lawyer Jeff Kosseff discussed the current state of data privacy law as it applies to big data at the Big Data Tech Con in Boston.

  • December 17, 2010 17 Dec'10

    Requirements management with embedded software: Interview with IntraPace

    What are the important considerations of a requirements management tool when developing embedded software for a medical device? In this Q&A with IntraPace software development manager Mace Volzing, SSQ asks about managing requirements for the ...

  • November 03, 2010 03 Nov'10

    Glitch author seeks mandated software quality controls

    In Part 2 of this SSQ interview with Glitch author Jeff Papows, we learn more about Papows' proposal for an IT Governance Manifesto which would mandate higher standards of quality for life-threatening software. Papows warns of the dangers of not ...

  • August 24, 2009 24 Aug'09

    GatherSpace beefs up cloud-based requirements management

    GatherSpace version 2 is now available and continues to offer low-cost software requirements gathering technology that is easily learned and easily implemented. According to GatherSpace founder Darren Levy, "It's painlessly easy to use, and an ...

  • August 20, 2009 20 Aug'09

    ALM: Best of breed vs. complete systems

    The ALM tool market is in an uproar as countless acquisitions, trends and shifts have altered the way in which application lifecycles are monitored industry experts explain situation.

  • March 09, 2009 09 Mar'09

    Why the quality assurance department should be involved in testing

    Bring the quality assurance department's many resources into the software testing process from the get-go, one expert advises, and watch common software development problems dissolve.

  • December 08, 2008 08 Dec'08

    Secure software development practices 'not rocket science'

    SAFECode's guide to secure software development provides practices for all stages of the software development lifecycle proven to improve software security.

  • October 15, 2008 15 Oct'08

    Browser security a concern for website development

    The number of Web browsers and the rise of sophisticated attacks against them, such as cross-site request forgery and clickjacking, complicate website development, security, and testing.

  • May 19, 2008 19 May'08

    PCI DSS compliance: Web application firewall or code review?

    If you need to comply with the application security regulation of the PCI Data Security Standard, should you opt for code reviews or a Web application firewall? Experts offer their opinions.

  • March 27, 2008 27 Mar'08

    Application security enters uncharted regions

    The revelation that pacemakers can be hacked illustrates how software makers have to start thinking differently about application security and quality.

  • January 28, 2008 28 Jan'08

    Developers get bigger role in software quality, security

    In the continuing drive to address quality and security earlier in the software development lifecycle (SDLC), two thought leaders in the automated source code analysis market -- Klocwork and Ounce Labs -- are targeting new releases at the developer.

  • November 28, 2007 28 Nov'07

    Microsoft's Michael Howard: Security must be a part of every application

    Security needs to become a way of life in application development, Microsoft's Michael Howard says. In this Q&A he explains how you need to use tools and educate people to make sure your applications aren't weak links.

  • October 15, 2007 15 Oct'07

    Wachovia banks on entitlement management for fine-grained application security

    Securent's Entitlement Management Solution helps Wachovia enforce fine-grained application security, restricting who can do what once inside an application. More than that, it relieves developers from having to develop and deploy custom access ...

  • September 06, 2007 06 Sep'07

    Ajax application security critical, experts warn

    While developers increasingly turn to Ajax to create applications, they're not including security controls, leaving those applications open to attack. Ajax experts Billy Hoffman and Bryan Sullivan explain what can be done to increase Ajax ...