Secure Coding mailing list archives
Re: BSIMM Diagrams
From: Gary McGraw <gem () cigital com>
Date: Thu, 11 Apr 2013 22:07:11 -0400
hi craig,

Nice posting. Don't forget the highest resolution chart which shows ALL activities! That one is my favorite. Daggum Sammy meme propagating.

gem

On 4/10/13 9:29 AM, "Craig Heath" <craig () franklinheath co uk> wrote:

Hi all!

List members might be interested in a blog post I've just made here: http://bit.ly/ZEWluE

I attended the BSIMM Europe Open Forum last month, and one of the topics that came up was how to show BSIMM assessment results usefully on a diagram. The spider chart as used in the BSIMM document is great for a high-level visual comparison of a software security initiative with an industry benchmark, but lacks detail of which specific activities are undertaken. At the forum, Sammy Migues shared something he uses called an equalizer diagram, which is great for showing gaps in coverage of software security activities, but lacks comparison with a benchmark.

I wondered whether it would be possible to produce a diagram which combines the advantages of both, and the post linked above describes an attempt at that.

I'll be happy to discuss further either here or in the comments on the blog.

Thanks!

- Craig Heath.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
Current thread:
- Re: BSIMM Diagrams Gary McGraw (Apr 12)
- <Possible follow-ups>
- Re: BSIMM Diagrams Iván Arce (Apr 12)
- Re: BSIMM Diagrams Iván Arce (Apr 18)
- Re: BSIMM Diagrams Craig Heath (Apr 23)
- Re: BSIMM Diagrams Iván Arce (Apr 19)
- Re: BSIMM Diagrams Daniel Halber (Apr 19)