Gary McGraw's Security Articles
May 4, 2007, 9:44 am
http://www.cigital.com/resources/gem/
Build Security In series
These articles were all originally published in IEEE Security & Privacy. For more of Gary's publications, see our full listing of his available published articles. Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors (November/December 2005) Bridging the Gap Between Software Development and Information Security (September/October 2005) A Portal for Software Security (July/August 2005) Adopting a Software Security Improvement Program (May/June 2005) Knowledge for Software Security (March/April 2005) Software Penetration Testing (January/February 2005) Static Analysis for Security (November/December 2004) Software Security Testing (September/October 2004) Risk Analysis in Software Design (July/August 2004) Misuse and Abuse Cases: Getting Past the Positive (May/June 2004) Software Security (March/April 2004)
IT Architect (formerly Network Magazine) series
How Bad Is Intrusion Detection? [pdf] (October 2005) Is Cisco Naked? [pdf] (September 2005) Is VoIP Secure Enough For Prime Time? [pdf] (August 2005) Is Penetration Testing a Good Idea? (July 2005) Are Cell Phones the Next Target? (June 2005) How Does Security Fit With Engineering? (May 2005) Is Your Mac Really More Secure? (April 2005) Are We In a Computer Security Renaissance? (February 2005) Innovative Rootkits: The Ultimate Weapon? (January 2005) How Do Real Bad Guys Break Software? (December 2004) Application Security Testing Tools: Worth the Money? (November 2004) Who Should Do Security? (October 2004)