Paco, By your same logic I would not consider BSIMM a lifecycle either. It's a thermometer to measure an SDLC against what some some of the largest companies are doing. As others have noted, BSIMM does not translate well into the SMB market where most software is written. Don't get me wrong, BSIMM is very interesting data and is useful. But a comprehensive secure software lifecycle for every company it is not.
- Jim Manico On Jul 19, 2011, at 9:35 AM, Paco Hope <p...@cigital.com> wrote: > Think of the > BSIMM like a thermometer. It _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________