I’ve been quite the blog-post-slacker lately, but I have at least been halfway keeping up on my blog and news reading. Here are some of my favorite posts from the last week or so:
- Gazza on the Software Security Market – Interesting post from Mark Curphey with some updated numbers about the software security market. Very cool to see how the focus is shifting from pen testing to source code review.
- Are You a Builder or a Breaker – Another great post from Mark Curphey that echoes a problem we have had with the security market for far too long: the focus on breaking insecure systems rather than building secure ones. The longer the industry focuses on the “cool guy” process of breaking systems and making people look bad rather than the “actual solution” approach of designing security into systems from the ground up, the slower progress will be.
- SDL Press Tour Announcements – Blog post from Steve Lipner talking about some of the things Microsoft is doing to promote their Secure Development Lifecycle (SDL) beyond Microsoft’s walls. Microsoft pushing SDL to a wider audience is pretty exciting stuff, so keep an eye out for more information.
dan _at_ denimgroup.com