Secure Coding mailing list archives

BSIMM-V is alive


From: Gary McGraw <gem () cigital com>
Date: Wed, 30 Oct 2013 02:23:06 -0400

hi sc-l,

I am proud to announce that the BSIMM-V document is complete and the website has been entirely revised/updated.  Please 
download a copy of BSIMM-V today: http://bsimm.com

BSIMM-V describes the software security initiatives at sixty-seven firms, including: Adobe, Aetna, Bank of America, 
Box, Capital One, Comerica Bank, EMC, Epsilon, F-Secure, Fannie Mae, Fidelity, Goldman Sachs, HSBC, Intel, Intuit, 
JPMorgan Chase & Co., Lender Processing Services Inc., Marks and Spencer, Mashery, McAfee, McKesson, Microsoft, 
NetSuite, Neustar, Nokia, Nokia Siemens Networks, PayPal, Pearson Learning Technologies, QUALCOMM, Rackspace, 
Salesforce, Sallie Mae, SAP, Sony Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, TomTom, 
Vanguard, Visa, VMware, Wells Fargo, and Zynga. All told, the BSIMM describes the work of 975 SSG members working with 
a satellite of 1,953 people to secure the software developed by 272,358 developers.

Software security measurement.

gem


"If you are thinking about developing a software security program, or enhancing your existing one, the BSIMM will 
provide you a tried and true measurement and planning tool developed by some of the top security practitioners in the 
world. BSIMM-V is the continued evolution of this data driven set of real world software security practices, making it 
more relevant than ever. If you don’t think that a software security program or BSIMM is right for you, well… it’s only 
a matter of time!"

Gary Warzala

CISO, Visa

"Improving any engineering process requires a solid set of empirical metrics from which we can compare and contrast our 
own processes. Software security is no exception, and for far too long the community has been relying too heavily on 
anecdotal 'evidence.' Those excuses are no longer valid. Nowhere else will you find a more solid set of real world 
observations than in the BSIMM study. I'm happy to see with the release of BSIMM-V that the model has continued to grow 
and improve since its inception."
Kenneth R. van Wyk
KRvW Associates, LLC

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

