Yearly Archives: 2015

Post: Texas Tribune’s Symposium on Cybersecurity and Privacy

I had the unique opportunity last week to participate in a daylong policy discussion titled “A Symposium on Cybersecurity and Privacy: What the Public Sector Can Learn from the Private Sector” hosted by the Texas Tribune. The Texas Tribune is the only member-supported, digital-first, nonpartisan media organization that informs Texans — and engages with them […]

Post: Webinar: How iOS and Android Handle Security

Today I delivered a webinar on mobile application security and, specifically, on how the iOS and Android platforms handle security. Slides and audio are online here: How iOS and Android Handle Security Webinar from Denim Group. The goal of the webinar was twofold: Educate developers on the security characteristics and capabilities of their chosen development […]

Post: ThreadFix 2.3RC1 Now Available

We’re excited to have the first Release Candidate for the ThreadFix 2.3 development cycle now available. The team has been hard at work since the 2.2 release and we’re also thrilled to announce contributions from great organizations such as Samsung, Pearson Education, and VirtualForge. The ThreadFix Community has been a great force driving the product’s development […]

Post: HouSecCon Presentation – SecDevOps: Development Tools for Security Pros

HouSecCon 2015 has wrapped up and the team did a great job putting on a first-rate event. I had the opportunity to give a talk about the tools that development teams use with the goal of educating security professionals and giving them ideas of how to better work together with dev teams to get issues […]

Post: Industry Leaders Collect Public Benchmarking Data Sets to Improve Software Security

On Saturday, March 28, 2015 at the OWASP SAMM Summit in Dublin, a group of Application Security leaders announced a new project that they had been working on since the summer of 2014: the industry’s first public benchmarking data for improving software security. The leaders’ vision is to offer companies a comparative data set, allowing […]

Post: RSA 2015: Building an Application Security Program with Sun Tzu, The Dalai Lama and Honey Badger

Slides are online from my talk at RSA this year titled “Building an Application Security Program with Sun Tzu, The Dalai Lama and Honey Badger.” This was based on a joke I made a while back with some folks that security professionals seemed to really enjoy the tough-guy war metaphors of Sun Tzu, but they’d […]