Dailydave mailing list archives
Re: Fair and Balanced part 2!
From: Christian Heinrich <christian.heinrich () cmlh id au>
Date: Sat, 11 Jun 2011 15:58:13 +1000
Dave,

On Fri, Jun 10, 2011 at 5:01 PM, Christian Heinrich <christian.heinrich () cmlh id au> wrote:
> Dave,
>
> On Thu, Jun 9, 2011 at 5:13 AM, Dave Aitel <dave.aitel () gmail com> wrote:
>> I know Cigital went around doing a thousand page questionnaire to determine how security was built at various software companies. But you really can boil all that down to "what cool features did security kill".
>
> Is the above in reference to http://bsimm.com/ ?

BSIMM2 is a http://en.wikipedia.org/wiki/Maturity_model based on the real world secure software development practices implemented at ~30 companies, such as Adobe, Microsoft, Wells Fargo, Nokia, etc.

Hence, if secure software development practices lack maturity, then "cool features" will be killed by "security" due to conflict. Vice versa, "cool features" shouldn't be killed by "security" if the secure software development practices are mature.

I delivered a presentation on the results of BSIMM1 (USA), BSIMM1.5 (Europe) and BSIMM2 (revised data and additional companies from USA and Europe) which is available from http://www.slideshare.net/cmlh/bsimm

--
Regards,
Christian Heinrich
http://cmlh.id.au/contact
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave