Gary McGraw's Security Articles

Gary McGraw is author of Software Security.

informIT article series

• Getting Past the Bug Parade (September 17, 2008)
• Software Security Demand Rising (August 11, 2008)
• Application Assessment as a Factory (July 17, 2008)
• DMCA Rent-a-cops Accept Fake IDs (June 12, 2008)
• Securing Web 3.0 (May 15, 2008)
• Paying for Secure Software (April 7, 2008)

Build Security In article series

These articles were all originally published in IEEE Security & Privacy. For more of Gary's publications, see our full listing of his available published articles.

• Online Games and Security (October/September 2007)
• Software Security and SOA: Danger, Will Robinson! (January/February 2006)
• Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors (November/December 2005)
• Bridging the Gap Between Software Development and Information Security (September/October 2005)
• A Portal for Software Security (July/August 2005)
• Adopting a Software Security Improvement Program (May/June 2005)
• Knowledge for Software Security (March/April 2005)
• Software Penetration Testing (January/February 2005)
• Static Analysis for Security (November/December 2004)
• Software Security Testing (September/October 2004)
• Risk Analysis in Software Design (July/August 2004)
• Misuse and Abuse Cases: Getting Past the Positive (May/June 2004)
• Software Security (March/April 2004)

Dark Reading article series

• The Truth Behind Code Analysis (February 13, 2008)
• Software Security Strategies (January 9, 2008)
• Beyond the PCI Band-Aid (December 10, 2007)
• Online Games & the Law (October 11, 2007)
• Mobile Insecurity (September 14, 2007)
• The Ultimate Insider (August 14, 2007)
• Consolidate This (July 12, 2007)
• JSON, Ajax & Web 2.0 (June 7, 2007)
• Certifiable (May 9, 2007)
• Want Turns to Need (April 20, 2007)
• Compliance As Kick-Starter (March 12, 2007)
• Security's Symbiosis (February 27, 2007)
• Hurray for Hollywood!? (January 12, 2007)
• Foxy Vista Henhouse (December 11, 2006)
• Boarding-Pass Brouhaha (November 2, 2006)
• Diebold Disses Democracy (October 9, 2006)
• Keep Your Laws Off My Security (September 7, 2006)
• Google is Evil (August 4, 2006)
• If You Build It, They'll Crash It (July 7, 2006)
• New Terrorist Profile: Phone Users (June 13, 2006)
• Microsoft's Missed Opportunity (May 3, 2006)

IT Architect (formerly Network Magazine) article series (PDF format)

• How Flawed Is Microsoft? (March 2006)
• Is Application Security Training Worth the Money? (February 2006)
• Is Sony BMG Run By Malicious Hackers? (January 2006)
• When Does Security Cross the Line? (December 2005)
• Is Security Really About Getting Nothing Done? (November 2005)
• How Bad Is Intrusion Detection? (October 2005)
• Is Cisco Naked? (September 2005)
• Is VoIP Secure Enough For Prime Time? (August 2005)
• Is Penetration Testing a Good Idea? (July 2005)
• Are Cell Phones the Next Target? (June 2005)
• How Does Security Fit With Engineering? (May 2005)
• Is Your Mac Really More Secure? (April 2005)
• Where Does Trust Come From? (March 2005)
• Are We In a Computer Security Renaissance? (February 2005)
• Innovative Rootkits: The Ultimate Weapon? (January 2005)
• How Do Real Bad Guys Break Software? (December 2004)
• Application Security Testing Tools: Worth the Money? (November 2004)
• Who Should Do Security? (October 2004)

John Steven's Security Articles

Build Security In article series

These articles were all originally published in IEEE Security & Privacy. For more of John's publications, see our full listing of his available published articles.

• Defining Misuse Within the Development Process (November/December 2006)
• Essential Factors for Successful Software Security Awareness Training (September/October 2006)
• Introduction to Identity Management Risk Metrics (July/August 2006)
• Putting the Tools to Work: How to Succeed with Source Code Analysis (May/June 2006)
• Adopting an Enterprise Software Security Framework (March/April 2006)