Nov 27, 2015
Cheryl Biswas gave a great talk last month at BSides Toronto. I was intrigued by what "Shadow IT" and "Shadow Data" mean, as there appears to be some disparity. Why can't you write policy to enforce standards? As easy as it sounds, it's quickly becoming a reason young talented people might skip your company. Who wants...
Nov 21, 2015
Business Security in Maturity Model (#BSIMM) is a #framework that is unique in that it gives your company a measuring stick to know how certain industry verticals stack up against yours...
We didn't want to run through all 4 sections of the BSIMM, so this time, we concentrated on the #software #security standards, the...
Nov 10, 2015
During our last podcast with Bill Sempf (@sempf), we were talking about how to get developers to understand how to turn a vuln into a defect and how to get a dev to understand how vulns affect the overall quality of the product.
During our conversation, the term "ASVS" came up. So we did a quick and dirty session with...
Nov 4, 2015
When you receive a #pentest or vuln scan report, we think in terms of #SQLi or #XSS. Take that report to your dev, and she/he sees Egyptian hieroglyphics, and then we wonder why it's so difficult to get devs to understand.
It's a language barrier, folks. They think in terms of defects or how something will affect the customer...