Dave,

On Fri, Jun 10, 2011 at 5:01 PM, Christian Heinrich
<[email protected]> wrote:
> Dave,
>
> On Thu, Jun 9, 2011 at 5:13 AM, Dave Aitel <[email protected]> wrote:
>> I know Cigital went around doing a thousand page questionnaire to
>> determine how security was built at various software companies. But
>> you really can boil all that down to "what cool features did security
>> kill".
>
> Is the above in reference to http://bsimm.com/ ?

BSIMM2 is a http://en.wikipedia.org/wiki/Maturity_model based on the
real world secure software development practices implemented at ~30
companies, such as Adobe, Microsoft, Wells Fargo, Nokia, etc.

Hence, if secure software development practices lack maturity, then
"cool features" will be killed by "security" due to conflict.  Vice
versa, "cool features" shouldn't be killed by "security" if the secure
software development practices are mature.

I delivered a presentation on the results of BSIMM1 (USA), BSIMM1.5
(Europe) and BSIMM2 (revised data and additional companies from USA
and Europe) which is available from
http://www.slideshare.net/cmlh/bsimm


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave