Hi SC-L,

I just spent an excellent week in Leuven, Belgium at SecAppDev (our fearless moderator Ken was there as always). If you've never been to SecAppDev, it is certainly something to do at least once, if not annually.
One of the five presentations I gave in Leuven was about BSIMM2 (the 30-firm version of BSIMM). I wrote up an article with Brian Chess and Sammy Migues (my BSIMM co-creators) called "Software [In]security: What Works in Software Security --- Fifteen Common Activities from BSIMM2." In addition to highlighting the fifteen most common BSIMM activities, the article also provides the 30-firm data for all 110 activities in public for the first time.

http://www.informit.com/articles/article.aspx?p=1569495

We're unveiling some statistical results at RSA this week that will enhance and expand the dataset published in the article. We'll do an official BSIMM2 launch within the next couple of months.

Hope to see some of you at the RSA show (probably in the hall track).

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________