List:       websecurity
Subject:    [WEB SECURITY] BSIMM2
From:       Gary McGraw <gem () cigital ! com>
Date:       2010-05-12 17:56:43
Message-ID: C810641B.21C79%gem () cigital ! com

hi all,

Robert suggested that an official posting about the release of BSIMM2 might be
in order on the list since it covers secure SDLC issues.  Hopefully you will agree.

In March 2009 we announced the publication of the BSIMM---a measuring stick for
software security.  We're pleased today to announce the publication of BSIMM2.
We have tripled the size of the data set to thirty firms, including: Adobe, Aon,
Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC),
EMC, Google, Intel, Intuit, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life,
SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo.

BSIMM2 is available for free under the creative commons license from
<http://bsimm2.com>.  Download your copy today.

The BSIMM2 document itself is 53 pages.  A concise treatment of the results can
be found in my monthly informIT column in an article titled "BSIMM2: Measuring
the Emergence of a Software Security Community":
<http://www.informit.com/articles/article.aspx?p=1592389>

Our study represents the work of 635 people who are members of the 30 firms' SSGs.
Together, the firms have a collective 130 years of experience planning and
executing 30 software security initiatives.  Among other results, we have
identified 15 core BSIMM activities.

We think the descriptive nature of the BSIMM study is an important characteristic
of the work.  We describe not what you should do for software security, but what
successful software security initiatives are actually doing.  Use BSIMM2 to
measure your own software security initiative and compare it to others.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

MUSIC http://www.amazon.com/dp/B003JPNV1I/?tag=lastfmmp3-20

