Focuses on the increasingly important field of application-level security, plus alerts and links to breaking security news.http://syndication.sdmediagroup.com/images/logo_xml.gif http://www.sdmagazine.com/documents/s=9180/sdm0603ss/ WatchFire’s AppScan 6.0; Product Review: Standing Guard; 2006 Dr. Dobb's Journal Excellence in Programming Award; Sun Patches 7 Critical Java Runtime Bugs; Quantum Cryptography Research Advances and IBM Research May Extend Moore's Law; New Ada Standard on the Horizon http://www.sdmagazine.com/documents/s=9180/sdm0602ss/ Build It In, Don’t Trowel It On; SSH Kerberos Authentication Using GSSAPI and SSPI; Hot Link http://www.sdmagazine.com/documents/s=9180/sdm0601ss/ In this Issue: Beat Back Attackers; Security is a Service, Not a Product; Hot Links http://www.sdmagazine.com/documents/s=9180/sdm0511ss/ Security Timewarp; 2nd Annual Offshore Survey; Today: Security Software Is No Security Blanket; 5 Years Ago: Building Better Code; 7 Years Back: Lack of Security Awareness http://www.sdmagazine.com/documents/s=9180/sdm0510ss/ Product Showcase: Seal Up Your SOAP; Security Shelf: Executive Tips and International Help; Hot Links http://www.sdmagazine.com/documents/s=9180/sdm0509ss/ Investigating Source Code Theft http://www.sdmagazine.com/documents/s=9180/sdm0508ss/ Software Theft and the Analytical Machine; Investigating Software and Source-Code Theft; The Definition and Origin of Software http://www.sdmagazine.com/documents/s=9180/sdm0507ss/ Security must be built in throughout the application development lifecycle. http://www.sdmagazine.com/documents/s=9180/sdm0505ss/ Security-Hardening Third-Party Applications<br> The most important information security question is how to security-harden third-party applications. Whether we have access to the source code or not, an application that comes from a third-party developer or independent software vendor is typically far too complex for us to easily understand its vulnerabilities. http://www.sdmagazine.com/documents/s=9180/sdm0504ss/ Strength in Numbers: Algorithms and security libraries that have stood the test of public use can be a good bet, but feedback and caution provide extra protection against unnoticed bugs. http://www.sdmagazine.com/documents/s=9180/sdm0503ss/ Trust Tentatively: It's easy to be shortsighted about our own code. http://www.sdmagazine.com/documents/s=9180/sdm0502ss/ Paranoia Pays: Preserving binary secrecy is best accomplished with wariness. http://www.sdmagazine.com/documents/s=9180/sdm0501ss/ The One-Click Trick http://www.sdmagazine.com/documents/s=9180/sdm0412ss/ Complex systems may include subtle problems that might go unnoticed. Complex code is hard to maintain and tends to be buggy. To shore up security, aim for simplicity. http://www.sdmagazine.com/documents/s=9180/sdm0411ss/ Divide and Conquer http://www.sdmagazine.com/documents/s=9180/sdm0410ss/ Less is More: The stingier you are with access, the safer your system becomes http://www.sdmagazine.com/documents/s=9180/sdm0409ss/ Error handling is notoriously tricky, but a poorly designed protocol can play into an attacker's hand. http://www.sdmagazine.com/documents/s=9180/sdm0408ss/ Defense in Depth http://www.sdmagazine.com/documents/s=9180/sdm0405ss/ 10 Tips for Safer Software & Secure the Weakest Link http://www.sdmagazine.com/documents/s=9180/sdm0404ss/ Bruce Schneier Talks Homeland Security