Secure Coding mailing list archives

BSIMM update (informIT)
From: coley at linus.mitre.org (Steven M. Christey)
Date: Thu, 28 Jan 2010 21:04:31 -0500 (EST)
Speaking of "top 25 tea leaves," the "bug parade boogeyman" just called 
and reminded me that the 2010 Top 25 is due to be released next Thursday, 
February 4.  Thanks for the plug.

A preview of some of the brand-new features:

1) Data-driven ranking with alternate metrics to feed the brain and
    stimulate wider discussion - featuring special guest star Elizabeth
    Nichols

2) Multiple focus profiles to avoid one-size-fits-all

3) Cross-cutting mitigations that expand far beyond the Top 25 - AND show
    which mitigations address which Top 25's

4) References to resources such as BSIMM (and even that controversial
    bad-boy ESAPI) to get people thinking even more about systematic
    software security

... and a few more tidbits.

This particular Cargo-Culting pseudoscientist has dutifully listened to 
his fellow islanders.  This year we've made shiny new airstrips and 
control towers, and apparently we've already started some fires.  The 
planes will TOTALLY come back!  Or maybe I'm just feeling a little 
whimsical.

- Steve

P.S.  I can't wait until software security becomes an actual science, 
because as we all know, scientists are much too rational to ever indulge 
in self-destructive infighting and name-calling that hinders opportunities 
for progress in their field.
