Neil MacDonald

A member of the Gartner Blog Network

VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…


Building a Software Assurance Program

by Neil MacDonald  |  September 28, 2010  |  Comments Off

I work with clients daily on how to change their development (and procurement) processes to produce more secure code. I wrote in this blog that application security cannot be solved with technology alone, yet I still run into organizations trying to solve their application security problems with the purchase of a static or dynamic application security testing tool. Based on my clients’ experiences, the hardest part of the changes is in people and processes. The good news is that there is a growing body of free information to help enterprises learn what other organizations have done.

Microsoft provides free guidance based on its own internal experiences on its Security Development Lifecycle (SDL) website.

IBM provides a similar document based on its own development practices, “The IBM Secure Engineering Framework”.

And I’ve written previously on the good work coming out of OWASP and the work done by the Build Security In Maturity Model (BSIMM) team.

Technology alone cannot solve what is fundamentally a process problem. Use these resources to learn best practices for building a workable software assurance program that addresses people, process and technology.


Category: Application Security