Re: BSIMM-V Article in Application Development Times

[Stephen de Vries <stephen () continuumsecurity net>]

On 13 Dec 2013, at 22:51, Gary McGraw <gem () cigital com> wrote:
> From time to time we talk about getting to the dev community here.  This article is at least in the right publication!
>
> Read it and pass it on: http://adtmag.com/blogs/watersworks/2013/12/bsimm-v-released.aspx

Hi Gary,

In the current BSIMM-V dataset is it possible to narrow the data down to only organisations practising Agile dev?  I 
think it would be interesting to see which BSIMM activities are popular with agile houses, and which not.

Ideally, it would be nice to not only differentiate between Agile and non-agile, but different degrees of agile based 
on the length of iterations and/or the frequency of deployments.  E.g. less-agile = 3 month iterations and multi-month 
deploys, more-agile = continuous delivery with multiple deploys per day.


regards,


Stephen de Vries

http://www.continuumsecurity.net
Twitter: @stephendv



_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________