TRENDING:

OCC Bulletin 2008-16: A Blueprint for Compliance

Veracode • October 17, 2008  
OCC Bulletin 2008-16: A Blueprint for Compliance The recent issuance of the OCC Bulletin 2008-16 alerted financial institutions of the risks posed by insecure software and recommended steps banks should take to reduce risk and protect their critical data. Historically, banks have lacked an effective and cost-efficient manner to analyze the security of software. Security testing has been limited to manual analysis by consultants, using internal teams with source code tools or trusting software vendors to test their own code. None of these approaches scale to cover entire application portfolios (as required by the OCC), and can add significant time and costs to projects.

This whitepaper outlines how these limitations can be overcome by following five best practices that institutions can use to secure their applications. The whitepaper also offers insights on how to:

  • Mitigate risk from commercial software, outsourced development, and contracted software for both internal and web-facing applications
  • Create best practices for securing internal and third party code
  • Define security standards with software vendors - including FREE sample outsourcing and COTS contracting language
Previous
The 5 Core Competencies of Compliance
Next
The Application Security Imperative for Financial Institutions



Around the Network

Analysis: Fat Face's Awkward Breach Notification
Analysis: Fat Face's Awkward Breach Notification
The Looming Threat of Broken Cryptography
The Looming Threat of Broken Cryptography
State of the Marketplace: A Conversation With Dave DeWalt
State of the Marketplace: A Conversation With Dave DeWalt
Is Your Security Stack Ready for the Modern Cloud?
Is Your Security Stack Ready for the Modern Cloud?
Telemedicine: Inclusion and Fraud
Telemedicine: Inclusion and Fraud
Implementing Cybersecurity Best Practices
Implementing Cybersecurity Best Practices
Crisis Communications: How to Handle Breach Response
Crisis Communications: How to Handle Breach Response
Analysis: Takeaways From Ransomware Gang Interviews
Analysis: Takeaways From Ransomware Gang Interviews
FDA's Kevin Fu on Threat Modeling for Medical Devices
FDA's Kevin Fu on Threat Modeling for Medical Devices
Case Study: Streamlining Third-Party Risk Management
Case Study: Streamlining Third-Party Risk Management

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.