Posts

Showing posts from December, 2023

New Year Resolution: Software Development Application Security Strategic Prioritization, SSDF Top 10

Implementing security and regulatory compliance SSDF practices into an efficient Secure Software Development Life Cycle (SSDL) can be quite daunting because of the scope of practices and tooling required. Just as "Rome wasn't built in a day," security implementation and improvement plans need to be prioritized by highest business risk and by the most cost-effective "bang for the buck" improvement investments. While it might be tempting to try addressing all of the below at once, or even to cherry-pick through the list, each practice depends on the others for success, and they are all needed for effective execution: Document, Assess, Improve, Adjust, Repeat.

1. "Be Prepared" for today's advanced ransomware attack threats

"Being prepared" is about everyone knowing who is responsible for security risk and incident responses, identifying the actions required by each responsible stakeholder, setting realistic and appropriate response timelines needed to sup...

Terminology: AppSec, DevSecOps, CloudSec, ProdSec … What’s the Diff?

Clarification of commonly used software development security terms

Computer technology is a broad field that easily gets confused through the use of acronyms and new product market-positioning terms. Inconsistent understanding and use of these terms amongst practitioners and organizations can cause confusion and inefficiencies when communicating the scope and objectives of collaborative efforts. The following is a quick reference to help clarify the most commonly used and confused terminology regarding software development security.

Terms

Computer Security / Cybersecurity / Digital Security / Information Technology Security (IT Security)

The protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide. As such, these are the broadest all-encompassing terms having to do with a...