Core Software Security: Security at the Source

Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. As long as software is developed by humans, it requires the human element to fix it.
 
FLORIDA, Fla. - Dec. 16, 2013 - PRLog -- CRC Press Announces Publication of Ground-Breaking Book on Software Security

Boca Raton, Florida, December 16, 2013—CRC Press is pleased to announce the publication of its latest book on software security, Core Software Security: Security at the Source (ISBN: 978-1-4665-6095-6, 416 pp.) by James Ransome and Anmol Misra.

There is much publicity regarding network security, but the real cyber Achilles’ heel is insecure software. Millions of software vulnerabilities create a cyber house of cards, in which we conduct our digital lives. In response, security people build ever more elaborate cyber fortresses to protect this vulnerable software. Despite their efforts, cyber fortifications consistently fail to protect our digital treasures. Why? The security industry has failed to engage fully with the creative, innovative people who write software.

Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. As long as software is developed by humans, it requires the human element to fix it. Developer-centric security is not only feasible but also cost effective and operationally relevant. The methodology builds security into software development, which lies at the heart of our cyber infrastructure. Whatever development method is employed, software must be secured at the source.

Dr. Larry Ponemon of the Ponemon Institute says, “In the wake of cloud computing and mobile apps, the issue of software security has never been more important than today. This book is a must-read for security specialists, software developers and software engineers. The authors do a brilliant job providing common sense approaches to achieving a strong software security posture and should be part of every security professional’s library.”

Howard Schmidt, who currently serves as the Executive Director of the Software Assurance Forum for Excellence in Code (SAFECode), wrote the foreword for the book. He states in the foreword: “Having recently served as the Special Assistant to the President and the Cyber Security Coordinator for the federal government, in addition to many senior leadership roles in the cyber security government and enterprise space, I can confidently say that this is currently the most critical area of information and global cyber security to fix. This has been and continues to be more of a business and process issue than it is technical. Core Software Security: Security at the Source, adds great value to the typical training resources currently available in that it takes the elements of the best publicly known SDLs and provides operational, business-relevant, cost-effective metrics. I believe that what Dr. Ransome and Anmol Misra have written has hit the mark on this topic and will serve the community for many years to come as both a practical guide for professionals and as an academic textbook.”

The book outlines a holistic business-savvy SDL framework that includes people, process, and technology—focusing on the key success factors, deliverables, and metrics for each phase of the SDL. The authors examine cost efficiencies, optimized performance, and organizational structure of a developer-centric software security program and PSIRT. Also included in the book is a chapter by noted security architect Brook Schoenfield who shares his insights and experiences in applying the book’s SDL framework.

About the Authors:

Dr. James Ransome is the Senior Director of Product Security and responsible for all aspects of McAfee’s Product Security Program, a corporate-wide initiative that supports McAfee’s business units in delivering best-in-class, secure software products to customers. His career has been marked by leadership positions in private and public industries, including three chief information security officer (CISO) and four chief security officer (CSO) roles. Prior to entering the corporate world, James had 23 years of government service in various roles supporting the U.S. intelligence community, federal law enforcement, and the Department of Defense.

James holds a Ph.D. in Information Systems from the Graduate School of Computer and Information Sciences at Nova Southeastern University. For his doctoral dissertation, he developed and tested a security model and architecture and provided leading practices for converged wired/wireless network security as part of an NSA/DHS Center of Academic Excellence in Information Assurance Education program. James is a member of Upsilon Pi Epsilon, the International Honor Society for the Computing and Information Disciplines, and he is a Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and a Ponemon Institute Distinguished Fellow.

Anmol Misra is an author and a security professional with a wide range of experience in the field of information security. His expertise includes mobile and application security, vulnerability management, application and infrastructure security assessments, and security code reviews. He is a Program Manager in Cisco’s Information Security group. Prior to joining Cisco, Anmol was a Senior Consultant with Ernst & Young LLP. In this role, he advised Fortune 500 clients on defining and improving information security programs and practices.

Anmol holds a master’s degree in Information Networking from Carnegie Mellon University and a Bachelor of Engineering degree in Computer Engineering. He is based out of San Francisco, California.

CRC Press is the principal science and technology book division of the Taylor & Francis Group, an Informa company.

For more information contact:
Christopher Manion
chris.manion@taylorandfrancis.com
6000 Broken Sound Parkway, NW, Suite 300 • Boca Raton, FL 33487
Tel: (561) 998-2508 • Fax: (561) 241-7856 • www.crcpress.com

For more information on this new title, please visit http://www.crcpress.com/product/isbn/9781466560956

ISBN 9781466560956, December 9, 2013, 416pp

Contact
CRC Press
561-994-0555
Tags:IT, IT Books, Software Security, Software Books, Software Engineering
Industry:Books, Technology
Location:Florida - Florida - United States
Page Updated Last on: Dec 16, 2013