Secure Coding mailing list archives

informIT: vBSIMM revised


From: Gary McGraw <gem () cigital com>
Date: Thu, 26 Jan 2012 11:10:50 -0500

hi sc-l,

Third-party software is a major risk category in most modern organizations (see Third-Party Software and 
Security<http://www.informit.com/articles/article.aspx?p=1809143>).  We have been working on a BSIMM derivative called 
the vBSIMM to help manage third-party software risk.  Today we published a second, revised version of the vBSIMM.  
Instead of focusing on an individual application, the vBSIMM approach focuses on software security initiative 
measurement.

After trying vBSIMM out at a major Wall Street bank as a pilot and then discussing the results of that study during the 
second BSIMM Conference last Fall, we have completely revised the vBSIMM model.  Read about the changes here:

vBSIMM Take Two (BSIMM for Vendors Revised)<http://www.informit.com/articles/article.aspx?p=1832574> (January 26, 2012)

The vBSIMM is now graduating from pilot to full-fledged use at the bank where we first rolled it out.  We welcome 
others to make use of it as well.  For more on the relation between the vBSIMM and the real BSIMM, see 
http://bsimm.com/vbsimm/.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
