Hi SC-L,
For the first time ever, we will have an invited talk specifically for
the International Workshop on Secure Software Engineering (SecSE) in
Vienna this summer - Gary McGraw will talk about BSIMM2 (see below for
an abstract) and lead the ensuing discussion.
If you always wanted to know what BSIMM(2) is all about, you now have a
chance to hear it directly from Gary. So, it's time to take all those
insights and ideas you have accumulated during your many years in the
secure coding universe, and hammer out your own paper to the SecSE
workshop - if you start now, you have almost three weeks at your
disposal. See http://sintef.org/secse for more information!
Cheers,
Martin Gilje Jaatun
PS:
BSIMM2: The Building Security In Maturity Model http://bsimm2.com
Software security has made great progress over the last decade. The
Building Security In Maturity Model (BSIMM, pronounced "bee simm") is
designed to help understand, measure, and plan a software security
initiative. Of the sixty large-scale software security initiatives we
are aware of, thirty-two---all household names---are currently included
in the BSIMM study. Those companies among the thirty who graciously
agreed to be identified include: Adobe, Aon, Bank of America, Capital
One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google,
Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, SAP,
Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware,
and Wells Fargo. The BSIMM was created by observing and analyzing real-world data
from thirty-two leading software security initiatives. The BSIMM can
help a firm determine how its organization compares to other real-world
software security initiatives and what steps can be taken to make its
approach more effective. The most important use of the BSIMM is as a
measuring stick to determine where a particular approach to software
security currently stands relative to others.
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________