Secure Coding mailing list archives

BSIMM2 (as seen on informIT)


From: gem at cigital.com (Gary McGraw)
Date: Wed, 12 May 2010 09:57:56 -0400

hi sc-l,

Nice night for the data center to crash at informIT!

The BSIMM2 document itself is 53 pages.  A concise treatment of the results can be found in this month's informIT 
column in an article titled "BSIMM2: Measuring the Emergence of a Software Security Community":
<http://www.informit.com/articles/article.aspx?p=1592389>

Sorry for the delay.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

MUSIC http://www.amazon.com/dp/B003JPNV1I/?tag=lastfmmp3-20



On 5/12/10 8:53 AM, "gem" <gem at cigital.com> wrote:

hi sc-l,

In March 2009 we announced the publication of the BSIMM---a measuring stick for software security.  We're pleased today 
to announce the publication of BSIMM2.  We have tripled the size of the data set to thirty firms, including: Adobe, 
Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, 
Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and 
Wells Fargo.

BSIMM2 is available for free under the creative commons license from <http://bsimm2.com>.  Download your copy today.

The BSIMM2 document itself is 53 pages.  A concise treatment of the results can be found on the BSIMM2 web page under 
the "facts" tag: <http://bsimm2.com/facts/>

Our study represents the work of 635 people who are members of the 30 firms' SSGs.  Together, the firms have a 
collective 130 years of experience planning and executing 30 software security initiatives.  Among other results, we 
have identified 15 core BSIMM activities.

We think the descriptive nature of the BSIMM study is an important characteristic of the work.  We describe not what 
you should do for software security, but what successful software security initiatives are actually doing.  Use BSIMM2 
to measure your own software security initiative and compare it to others.

gem

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________