Secure Coding mailing list archives

Re: The Organic Secure SDLC


From: James Manico <jim () manico net>
Date: Tue, 19 Jul 2011 09:46:55 -0500

Paco,

By your same logic I would not consider BSIMM a lifecycle either. It's
a thermometer to measure an SDLC against what some of the largest
companies are doing. As others have noted, BSIMM does not translate
well into the SMB market where most software is written. Don't get me
wrong, BSIMM is very interesting data and is useful. But a
comprehensive secure software lifecycle for every company it is not.

- Jim Manico

On Jul 19, 2011, at 9:35 AM, Paco Hope <Paco () cigital com> wrote:

Think of the
BSIMM like a thermometer. It
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

