Thursday, October 18, 2007

A Corporate Application Security Program

This is a real nice article in CSO magazine about setting up a corporate application security program.

Rather than regurgitating the usual party line -- code reviews, scans and application layer firewalls -- Mark Carney of FishNet Security gives a high-level overview of a comprehensive program.

Yes, others have said that application security has to be integrated into the development lifecycle, as in Microsoft's Security Development Lifecycle. But this article goes beyond that and is more comprehensive.

