Secure Coding mailing list archives

BSIMM2: 15 things most firms do


From: gem at cigital.com (Gary McGraw)
Date: Mon, 1 Mar 2010 21:31:22 -0500

hi sc-l,

I just spent an excellent week in Leuven, Belgium at secappdev (our fearless moderator Ken was there as always).  If 
you've never been to secappdev, it is certainly something to do at least once, if not annually.

One of the five presentations I gave in Leuven was about BSIMM2 (the 30 firm version of BSIMM).  I wrote up an article 
with Brian Chess and Sammy Migues (my BSIMM co-creators) called "Software [In]security: What Works in Software Security 
--- Fifteen Common Activities from BSIMM2."  In addition to highlighting the fifteen most common BSIMM activities, the 
article also provides the 30 firm data for all 110 activities in public for the first time.

http://www.informit.com/articles/article.aspx?p=1569495

We're unveiling some statistical results at RSA this week that will enhance and expand the dataset published in the 
article.  We'll do an official BSIMM2 launch within the next couple of months.

Hope to see some of you at the RSA show (probably in the hall track).

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
