Secure Coding mailing list archives

BSIMM update (informIT)


From: gem at cigital.com (Gary McGraw)
Date: Wed, 3 Feb 2010 15:06:09 -0500

hi steve,

It's BSIMM Begin and we are delinquent looking into the data.  Hope to do that soon.  We have 75 partial vectors in the set (including some "control" vectors from full BSIMM participants).

Anyone who wants to help us "top off" the data...(I was hoping to gather 100 vectors)...click here:

http://bsi-mm.com/begin

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com



On 2/2/10 7:23 PM, "Steven M. Christey" <coley at linus.mitre.org> wrote:



On Tue, 2 Feb 2010, Arian J. Evans wrote:

BSIMM is probably useful for government agencies, or some large
organizations. But the vast majority of clients I work with don't have
the time or need or ability to take advantage of BSIMM. Nor should
they. They don't need a software security group.

I'm looking forward to what BSIMM Basic discovers when talking to small
and mid-size developers.  Many of the questions in the survey PDF assume
that the respondent has at least thought of addressing software security,
but not all questions assume the presence of an SSG, and there are even
questions about the use of general top-n lists vs. customized top-n lists
that may be informative.

- Steve
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________



