The folks over at the NIST Information Technology Labs (ITL) have been busy. One complaint about the recently released Risk Management Framework (RMF) [1], developed in response the President’s Executive Order 13636 on Improving Critical Infrastructure Cybersecurity, was that it did not address application security (the coding practices that allow for SQL injection, buffer overflow, etc). [2]. Continue reading →