Measuring the effectiveness of application security policies

Monday, 6 February 2006, 12:37 AM EST

It's easy for software vendors to insist that their products are safe, simply by pointing to the small numbers of vulnerabilities detected. But, as David Chisnall notes, statistics lie: Just because a package has few REPORTED vulnerabilities, that doesn't mean that it actually HAS few vulnerabilities, or address the severity of the holes that are reported. In this article Chisnall argues the true measure of security is what happens once a vulnerability is found.

At InformIT.

[ Read more ]




Spotlight

10 practical security tips for DevOps

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Tue, Mar 31st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //