Secure Coding mailing list archives
BSIMM Europe
From: gem at cigital.com (Gary McGraw)
Date: Wed, 11 Nov 2009 07:37:33 -0500
Hi Colin,

Good question. We did not observe any activities in European initiatives that were not in the model. We would have added them to the model had we made such observations. We followed the same data collection protocol as in the first BSIMM, using interviews that were open (driven by the SSF) and not asking about particular activities.

The one delta that you likely noticed in the study is that the "things that everybody does" in Europe differ from those in the US. There is some discussion of that in the article.

We hope to have BSIMM II out near the end of the year. Our analysis then should feature some statistical insight.

gem
http://www.cigital.com/~gem

On 11/11/09 6:56 AM, "Colin Cassidy" <parttimesecurityguy at googlemail.com> wrote:

Gary,

Well done to you and your team for working on this. I've read the article and was interested in something that actually didn't appear.

There were a lot of comparisons between the activities that all the European sites performed, and the activities that were not performed w.r.t. the BSIMM activities and the American founders. However, there was no mention of any activities that were unique to the European sites. Was this studied at all, and will it be incorporated into BSIMM 2?

CJC

On Wed, Nov 11, 2009 at 6:09 AM, Gary McGraw <gem at cigital.com> wrote:
hi sc-l,

Today we officially launch BSIMM Europe, a study of 9 EU firms' software security initiatives. We continue to focus our work on large-scale software security initiatives at major software firms. Firms in the study included: Nokia, Standard Life, SWIFT, Telecom Italia, and Thomson Reuters.

An informIT article can be found here: http://www.informit.com/articles/article.aspx?p=1405841

The article describes our findings regarding European software security by contrast with the original BSIMM.

We have tripled the size of the BSIMM study to 27 firms with several more under way. We hope to reach 30 firms by year end.

We released BSIMM v1.5 as part of the BSIMM Europe push. The document (released under the Creative Commons) is available for download and now includes an appendix about BSIMM Europe http://www.bsi-mm.com/europe/. The original document has been translated into Italian (by Minded Security) and German (by Virtual Forge).

We are very excited about BSIMM progress and look forward to sharing more real data with the community. No more faith-based software security!

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________
Current thread:
- BSIMM Europe Gary McGraw (Nov 10)
- BSIMM Europe Colin Cassidy (Nov 11)
- BSIMM Europe Gary McGraw (Nov 11)
- BSIMM Europe Colin Cassidy (Nov 11)