Cybersecurity training and workforce development is a common theme and solution that’s proposed at conferences that discuss the challenges of cybersecurity and the future as we know it – developing, architecting and living within digital IT ecosystems. Who’s steering the ship? Do leaders understand the security threats and do their...
08/21/2018
College Degrees Now Available for Secure Software Development
Posted at 11:06 am in Uncategorized
07/10/2018
Coverity now features integrated on-demand developer training
News item submitted by Elizabeth Samet, Public Relations Manager, Synopsys. Read the full post on the Synopsys blog. The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance. On-demand developer...
Posted at 11:04 am in Uncategorized
05/10/2018
8 takeaways from NIST’s application container security guide
By Tim Mackey, Senior Technical Evangelist for Black Duck Software by Synopsys. Link to original article on Synopsys blog, published May 1, 2018. Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and...
Posted at 11:00 am in Uncategorized
02/13/2018
Scope Measurement on Large IT Projects in Texas: A Position Paper
Herb Krasner, University of Texas at Austin (ret.), CISQ Advisory Board member. A new Texas state law adds specific monitoring requirements for large IT projects in Texas state agencies. It requires regular monitoring and reporting on IT project performance indicators of: schedule, cost, scope, and quality. IT scope measurement is...
Posted at 11:00 am in Uncategorized
01/24/2018
Preventing the Next Equifax – All CVEs Have Root Causes in CWEs
By Tracie Berardi, Program Manager, CISQ. The Equifax data breach in 2017 was the result of attackers exploiting an unpatched vulnerability in Equifax software. The vulnerability – Apache Struts: CVE-2017-9805: Possible Remote Code Execution as titled in the NIST National Vulnerability Database – was a flaw discovered in Apache Struts web...
Posted at 10:59 am in Uncategorized
11/13/2017
IT Quality: Measurement Implications for Large IT Projects in Texas
Herb Krasner, University of Texas at Austin (ret.), CISQ Advisory Board member. A new law in Texas necessitates the enhanced monitoring of all large IT projects in state agencies. It requires regular measurement and reporting of project performance indicators: schedule, cost, scope, and quality. Quality is believed to be the...
Posted at 10:58 am in Uncategorized
10/31/2017
Code Quality Standards Highlighted in U.S. State Department CSM (Consular Systems Modernization) Project
The U.S. State Department Office of Acquisitions referenced code quality requirements in the Consular Systems Modernization (CSM) statement of work. From the State Dept. CSM acquisition document on page 23, section C.4.2: “The contractor shall adhere to CST application coding standards intended to assist in creating code that is free....
Posted at 10:53 am in Uncategorized
CISQ Metrics in GSA Schedule 70 Blank Purchase Agreement for IT and Development Services
Federal IT Acquisition Example Citing CISQ Metrics. CISQ has been referenced by the U.S. General Services Administration (GSA), formally citing CISQ requirements in an Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S...
Posted at 10:51 am in Uncategorized
09/11/2017
Texas Cybersecurity Legislation Passed In 2017 – A Summary
Herb Krasner, University of Texas at Austin (ret.), CISQ Advisory Board member. Here is a summary of the cybersecurity legislation that was passed this year that will have an impact on state agencies and institutions of higher education (all from the 85th regular session of the Tx legislature). The Tx.....
Posted at 10:47 am in Uncategorized
07/14/2017
Measuring IT Project Performances in Texas: House Bill (HB) 3275 Implications
CISQ Advisory Board member, Herb Krasner, has released a position paper for Texas state CIOs and IT leaders seeking guidance on House Bill (HB) 3275 passed in June 2017 requiring the reporting of software quality measurement in Texas State IT projects. Krasner drafted the legislation that was signed into law...
Posted at 10:45 am in Uncategorized