All,

Julia Allen, a senior researcher over at CERT, did a podcast with Gary, Brian, and Sammy Migues several weeks ago on the Building Security In Maturity Model (BSIMM). You can listen to the results over at http://www.cert.org/podcast/show/20090331mcgraw.html. They talk a little about their mindset when they started the BSIMM research and our goals for the business uses. BSIMM was released under a Creative Commons license and is freely available at http://bsi-mm.com .

You'll remember I sent a Tweet about SAMM (the other tine in this forked effort), maintained by Pravir Chandra. He did an OWASP Podcast on SAMM recently, and, as a contributing author, I was a bit disappointed with its rantiness; there's a lot of exceptional structural/technical bits to SAMM that didn't come out. If you want to listen to it, it's here: http://www.owasp.org/download/jmanico/owasp_podcast_14.mp3

I'm intimately familiar with both models and have been helping companies assess, mature, and/or build their security group since about 2003. Is there chapter interest in a TECHNICAL comparison for one meeting?

-jOHN

_______________________________________________
Owasp-wash_dc_va mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-wash_dc_va
