hi sc-l,

informIT just published my February column, once again co-authored by Brian Chess and Sammy Migues. This is the third in the series of articles about the maturity model. We have decided to call it the Building Security In Maturity Model (BSIMM).

The latest article covers 13 of the 110 activities in the model. Of those 14, all nine of the organizations in our study did nine. The other 4 are done by most organizations (but not all nine), and were added to ensure coverage of the Software Security Framework.

http://www.informit.com/articles/article.aspx?p=1326511

We will release the complete BSIMM model soon under a Creative Commons license. Stay tuned for that!

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
podcast www.cigital.com/realitycheck
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________