TRENDING:

OCC Bulletin 2008-16: A Blueprint for Compliance

Veracode • October 17, 2008  
OCC Bulletin 2008-16: A Blueprint for Compliance The recent issuance of the OCC Bulletin 2008-16 alerted financial institutions of the risks posed by insecure software and recommended steps banks should take to reduce risk and protect their critical data. Historically, banks have lacked an effective and cost-efficient manner to analyze the security of software. Security testing has been limited to manual analysis by consultants, using internal teams with source code tools or trusting software vendors to test their own code. None of these approaches scale to cover entire application portfolios (as required by the OCC), and can add significant time and costs to projects.

This whitepaper outlines how these limitations can be overcome by following five best practices that institutions can use to secure their applications. The whitepaper also offers insights on how to:

  • Mitigate risk from commercial software, outsourced development, and contracted software for both internal and web-facing applications
  • Create best practices for securing internal and third party code
  • Define security standards with software vendors - including FREE sample outsourcing and COTS contracting language
Previous
The 5 Core Competencies of Compliance
Next
The Application Security Imperative for Financial Institutions



Around the Network

RSA President on the Case for a Risk-Based Security Model
RSA President on the Case for a Risk-Based Security Model
Safeguarding Critical Infrastructure From Cyberattacks
Safeguarding Critical Infrastructure From Cyberattacks
Update: NIST Preparing Privacy Framework
Update: NIST Preparing Privacy Framework
Behavioral Biometrics: Key Challenges
Behavioral Biometrics: Key Challenges
Defending Against Business Email Compromise Attacks
Defending Against Business Email Compromise Attacks
Analysis: Facebook Breach's Impact
Analysis: Facebook Breach's Impact
Preventing a 'Doomsday' Healthcare Cyber Event
Preventing a 'Doomsday' Healthcare Cyber Event
Analysis: Opioid Legislation Stripped of Privacy Provision
Analysis: Opioid Legislation Stripped of Privacy Provision
Network vs. Endpoint Security: Striking the Right Balance
Network vs. Endpoint Security: Striking the Right Balance
An Assessment of Google's Data Leak
An Assessment of Google's Data Leak

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.