Dailydave mailing list archives

Re: Fair and Balanced part 2!


From: Christian Heinrich <christian.heinrich () cmlh id au>
Date: Sat, 11 Jun 2011 15:58:13 +1000

Dave,

On Fri, Jun 10, 2011 at 5:01 PM, Christian Heinrich
<christian.heinrich () cmlh id au> wrote:
Dave,

On Thu, Jun 9, 2011 at 5:13 AM, Dave Aitel <dave.aitel () gmail com> wrote:
I know Cigital went around doing a thousand page questionnaire to
determine how security was built at various software companies. But
you really can boil all that down to "what cool features did security
kill".

Is the above in reference to http://bsimm.com/ ?

BSIMM2 is a http://en.wikipedia.org/wiki/Maturity_model based on the
real world secure software development practices implemented at ~30
companies, such as Adobe, Microsoft, Wells Fargo, Nokia, etc.

Hence, if secure software development practices lack maturity, then
"cool features" will be killed by "security" due to conflict.  Vice
versa, "cool features" shouldn't be killed by "security" if the secure
software development practices are mature.

I delivered a presentation on the results of BSIMM1 (USA), BSIMM1.5
(Europe) and BSIMM2 (revised data and additional companies from USA
and Europe) which is available from
http://www.slideshare.net/cmlh/bsimm


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave