As a discipline, software security has made great progress over the last decade. Discussion on secure programming with static analysis brian chess, chief scientist at fortify software and jacob west, manager of fortifys. Brian chess svp of infrastructure and security engineering. His book, secure programming with static analysis, shows how static source code analysis is an indispensable tool for getting security. Fortify software and whitehat veteran application security experts join contrast security. Secure code warrior establishes technical advisory board. Fortify was aquired by hewlett packard in september 2010. Fortify s software security assurance products and services protect companies from the threats posed by security flaws in businesscritical software applications. This sort of marketing fluff falls under the same class of confusing noise as brian chesss claim that penetration testing will be dead by 2009, total fiction. Im currently working on business software in the cloud at netsuite. Followup to my last brian chess fortify software post.
Brian chess, founder of fortify software now hp fortify. A year ago at javaone, fortify software founder and chief scientist brian chess gave a presentation titled 12 java technology security traps and how to avoid them. Brian chess gvp cloud operations oracle netsuite linkedin. Secure programming with static analysis by chess, brian. Nov 14, 2008 brian chess is a founder of fortify software and serves as fortify s chief scientist, where his work focuses on practical methods for creating secure systems. Today im talking about software security in the big picture. Secure programming with static analysis by brian chess.
He currently serves as fortifys chief scientist, where his work focuses on practical methods for creating secure systems. Brian chess at fortify software caused some controversy when he said pen testing was a dying art. West head of security research group, brian chess former chief scientist, arthur do former chief architect. Dynamic taint propagation finding vulnerabilities without attacking brian chess jacob west. We introduce a dynamic technique for defending web appli. May 19, 2020 welcome to the software security gurus webcast with matias madou. Since 2017, fortify s products have been owned by micro focus. His book, secure programming with static analysis, shows how static source code analysis is an indispensable tool for getting security right. Brian is a frequent speaker at industry conferences such as csi and rsa.
Secure programming with static analysis addisonwesley. Technology, like brian chesss technology is a solution to a problem, which by definition means that the problem came first and the technology was always a few steps behind. In the eighth episode of the silver bullet podcast, gary talks with brian chess, cofounder and chief scientist of fortify software. An alternative to risk management for information and. Jack, former ceo of fortify software now hp and brian chess, founder and cto of fortify and currently svp of infrastructure and security at a publicly traded company, as company advisors. Brian chess, svp of infrastructure and security engineering, netsuite. After fortify, he founded ritual software and is now the svp of infrastructure and security engineering at netsuite where he implements a wide range of security products. He currently serves as fortify s chief scientist, where his work focuses on practical methods for creating secure systems. Jul 12, 2007 brian chess is the chief scientist at fortify software, where his research focuses on methods for creating secure systems.
Brian chess is the chief scientist at fortify software, where his research focuses on methods for creating secure systems. They discuss their mutual choices to forgo academia, and plunge into their own software projects. Presentations secure programming with static analysis. This article is prompted by a visit to edinburgh in the company of brian chess founder and chief scientist at fortify to open a new owasp chapter. Secure programming with static analysis by chess, brian ebook. August 27, 2014 contrast security, a pioneer in application security solutions, today announced the addition of john m. A with respect to it security, hackers are always creating new methods for penetrating into networks the problem. Secure programming with static analysis by jacob west and. Schmidt, former white house cyber security advisor brian chess is founder and chief scientist of fortify software, where his research focuses on. After fortify, he founded ritual software and is now the svp of infrastructure. Source code analysis is also a critical part of our ca2 process.
Gary mcgraw and brian chess introduce a software security framework ssf to help understand and plan a software security initiative. Feb 21, 2011 brian chess is a founder and chief scientist at fortify software, an hp company. See the complete profile on linkedin and discover brian s. Brian chess is founder and chief scientist of fortify software, where his research focuses on practical methods for creating secure systems.
Why pen testing is central to states app security cio. Brian chess, cto of fortify software creating confusion. The building security in maturity model bsimm usenix. A it isa mathematicallya a impossible for fortify 360 to render software invulnerable to attacks from cyber predators. An alternative to risk management for information and software security february 2009 podcast brian chess fortify software, julia h. An interview with brian chess ieee computer society. Schmidt, former white house cyber security advisor brian chess is founder and chief scientist of fortify software, where his research focuses. Secure programming with static analysis by brian chess, jacob. We were acquired by hp at the end of last year, and were excited to join the hp family. The offline and 0nline comments that resulted from that post were mostly in favor of what id written and one of. Allen in this podcast, brian chess explain how standards, compliance, and process are better than risk management for ensuring information and software security. View brian chess profile on linkedin, the worlds largest professional community.
Recently i published a post about fortify softwares brian chess because of some outlandish claims that he made in an article about penetration testing being dead by 2009. Everyday discount offer buy 2 or more eligible titles and save 35%use code buy2. Brian chess is a founder of fortify software and serves as fortifys chief scientist, where his work focuses on practical methods for creating secure systems. Brian chess, fortify software brian chess is a founder of fortify software and serves as fortify. Brian chess is a founder of fortify software and serves as fortify s chief scientist, where his work focuses on practical methods for creating secure systems. Brian chess is a founder and chief scientist at fortify software, an hp company. Website, micro focus security micro focus fortify software security center server. Brian chess is a founder of fortify software and serves as fortify. May 10, 2007 a year ago at javaone, fortify software founder and chief scientist brian chess gave a presentation titled 12 java technology security traps and how to avoid them. This article is prompted by a visit to edinburgh in the company of brian chess founder and chief scientist at. Combining deep application security expertise with extensive software development experience, fortify software has defined the market with awardwinning products that assure software.
Fortify software and whitehat veteran application security. Overview motivation dynamic taint propagation sources of inaccuracy integrating with qa related work. Fortify offerings included static application security testing and dynamic application security testing products, as well as products and services that support software security assurance. The company has also brought on mark hodgson, a veteran of. Welcome to the software security gurus webcast with matias madou. Brian chess, cybersecurity expert and former chief scientist at fortify software.
Brian chess, chief scientist for fortify software stephen northcutt june 9th, 2007 brian chess, chief scientist, fortify software, has agreed to be interviewed for the security lab for this special series in web app security and we certainly thank him for his time. From 2003 to 2012 i was chief scientist at fortify software where i worked on solving software security problems. Fortifys software security assurance products and services protect companies from the threats posed by security flaws in businesscritical software applications. From 2003 to 2012 i was chief scientist at fortify software where i worked. The offline and 0nline comments that resulted from that post were mostly in favor of what id written and one of those comments really caught my eye.
18 414 964 1205 79 1637 1601 804 1267 922 548 141 1189 438 959 322 1372 299 1472 1013 978 872 848 172 1195 169 1410 175 819 411 1441 402 835 1008 1151 543