Secure Coding mailing list archives
BSIMM2: 15 things most firms do
From: gem at cigital.com (Gary McGraw)
Date: Mon, 1 Mar 2010 21:31:22 -0500
hi sc-l,

I just spent an excellent week in Leuven, Belgium at secappdev (our fearless moderator Ken was there as always). If you've never been to secappdev, it is certainly something to do at least once, if not annually.

One of the five presentations I gave in Leuven was about BSIMM2 (the 30 firm version of BSIMM). I wrote up an article with Brian Chess and Sammy Migues (my BSIMM co-creators) called "Software [In]security: What Works in Software Security --- Fifteen Common Activities from BSIMM2." In addition to highlighting the fifteen most common BSIMM activities, the article also provides the 30 firm data for all 110 activities in public for the first time.

http://www.informit.com/articles/article.aspx?p=1569495

We're unveiling some statistical results at RSA this week that will enhance and expand the dataset published in the article. We'll do an official BSIMM2 launch within the next couple of months.

Hope to see some of you at the RSA show (probably in the hall track).

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com