You are here: silicon.com > Resources > White Papers > Security > Security Administration > Security Management

Security Management White Papers

Integrating Automated Tools Into a Secure Software Development Process

Tags:
security management

Overview Automated security tools are often used in software development, from static source code analysis tools to penetration testing tools. Unfortunately, due to a variety of reasons, many development organizations fail to get the maximum benefit from the tools. Worse, the way that many organizations use security tools may actually hamper effective development work. Penetration testing tools, for example, are commonly used for late life cycle "Black box" testing. This forces, at best, knee jerk reactions to remediate any defects that are found, quite often at the expense of the application's original design concepts. It also likely fails to find a great many security defects. This paper delves into the automated tools associated with secure software development, and how they can be successfully integrated into a development workflow.

Further White Paper Details
Publisher	KRvW Associates	File Format	PDF
Date Published	May 2007
Format	White Papers
Topics	Security Management, Security Tools, Application Development

Did you find this white paper useful? 5 out of 9 users found this white paper useful

The Value Proposition: The Economics of Application Service Provision

The build and junk cycle that took us from mainframe to mini to PC client/server and now to internet has been an escalating expense that will probably reach a global total of over a trillion dollars before we complete the current cycle.

Channel:
Comment & Analysis

US government funds open source bug hunt

The automated system should be running by March, and the resulting database of bugs will be accessible to developers, they said. The benefit for open source is that it enables it to be up to date with commercial technology innovation," she said.

Opinion: E-government for all

This problem becomes more acute in countries with much larger populations, relatively low internet penetration and little hard currency to spend. We know this, intuitively at least, from our own experience in the UK and can observe that where...

Channel:
Law & Policy
Tags:
e-government

Devil's Advocate: Spend on technology, be successful

Unfortunately, further research fails to substantiate that link. Most of them fail to deliver shareholder value and many involve messy and costly IT integration processes. Another is outsourcing contracts that fail to meet the needs of the...

Channel:
Comment & Analysis

Jobcentre fails to answer benefit calls

The CEO of Jobcentre Plus, Lesley Strathie, admitted that since the deployment of a customer management system (CMS) in contact centres and benefit offices, people have had trouble contacting the organisation.

Channel:
Public Sector
Tags:
jobs

Offshoring dos and don'ts

The biggest reason for an IT offshore development project to fail is the Western company not being sufficiently prepared for it. Get project managers who are accomplished at delegating tasks, monitoring workflow and policing and communicating with...

Featured White Papers

IDC reports on Novell's Secure Desktop Solution: A Modern-Day Marriage of Business Benefit and Risk Reduction

This IDC whitepaper examines how companies are turning to integrated security solutions, such as Novell Secure Desktop Solution, to deal with the vulnerability of mobile assets and implement a comprehensive security strategy.

Publisher:
Novell

Green IT: Reducing your Carbon Footprint with Citrix

Going green has become an imperative, not an option, for companies facing the new reality of balancing business objectives with dwindling environmental resources. Read on to learn how Citrix products can help bring environmental and organizational objectives into alignment by alleviating the energy impact of equipment needed to serve both the datacenter and the desktop.

Publisher:
Citrix Systems

Identity and Security Management and Strong Information Technology Goverance

A total identity and access management (IAM) – driven goverance, risk and compliance (GRC) solution should ensure foolproof and accurate measurements of policies and practises across the enterprise. This IDC white paper examines identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance.