This is a guest post by Michael Solomon, PhD, CISSP, PMP, CISM.
Companies large and small need comprehensive software security testing, but there is a lot of confusion about what that actually means. How do organizations go about conducting software security tests? What types of tests should you run? And how do you know if you’ve done enough?
This is a companion discussion topic for the original entry at http://feedproxy.google.com/~r/gurock/~3/oSb8T-YvdqQ/