List: websecurity
Subject: [WEB SECURITY] BSIMM2
From: Gary McGraw <gem () cigital ! com>
Date: 2010-05-12 17:56:43
Message-ID: C810641B.21C79%gem () cigital ! com
hi all,
Robert suggested that an official posting about the release of BSIMM2 might be in
order on the list since it covers secure SDLC issues. Hopefully you will agree.
In March 2009 we announced the publication of the BSIMM---a measuring stick for
software security. We're pleased today to announce the publication of BSIMM2. We
have tripled the size of the data set to thirty firms, including: Adobe, Aon, Bank of
America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC,
Google, Intel, Intuit, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT,
Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo.
BSIMM2 is available for free under the creative commons license from
<http://bsimm2.com>. Download your copy today.
The BSIMM2 document itself is 53 pages. A concise treatment of the results can be
found in my monthly informIT column in an article titled "BSIMM2: Measuring the
Emergence of a Software Security Community":
<http://www.informit.com/articles/article.aspx?p=1592389>
Our study represents the work of 635 people who are members of the 30 firms' SSGs.
Together, the firms have a collective 130 years of experience planning and executing
30 software security initiatives. Among other results, we have identified 15 core
BSIMM activities.
We think the descriptive nature of the BSIMM study is an important characteristic of
the work. We describe not what you should do for software security, but what
successful software security initiatives are actually doing. Use BSIMM2 to measure
your own software security initiative and compare it to others.
gem
company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
MUSIC http://www.amazon.com/dp/B003JPNV1I/?tag=lastfmmp3-20