Secure Coding mailing list archives
Re: BSIMM Diagrams
From: Iván Arce <ivan.w.arce () gmail com>
Date: Thu, 11 Apr 2013 19:55:36 -0300
Hi,

I think that using a heatmap or a fixed size rectangular graph with a 2x2 outside matrix (Domains), a 3x3 inside matrix (practices x maturity level) and color coding in each cell based on its corresponding total number of activities may work.

I'll try to produce a sample based on your data when I get some free time.

-ivan

On 4/10/13 10:29 AM, Craig Heath wrote:
Hi all!

List members might be interested in a blog post I've just made here: http://bit.ly/ZEWluE

I attended the BSIMM Europe Open Forum last month, and one of the topics that came up was how to show BSIMM assessment results usefully on a diagram. The spider chart as used in the BSIMM document is great for a high-level visual comparison of a software security initiative with an industry benchmark, but lacks detail of which specific activities are undertaken. At the forum, Sammy Migues shared something he uses called an equalizer diagram, which is great for showing gaps in coverage of software security activities, but lacks comparison with a benchmark.

I wondered whether it would be possible to produce a diagram which combines the advantages of both, and the post linked above describes an attempt at that.

I'll be happy to discuss further either here or in the comments on the blog.

Thanks!

- Craig Heath.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________