One take on the differences between OpenSAMM vs BSIMM is the work that
Cigital and Fortify did to validate BSIMM with real-world enterprises
such as DTCC. If folks on this list had the ultimate "influence" card
they could pull out and throw at Gartner, Forrester, Burton Group, etc.,
would OpenSAMM at the end of the day appear more credible if the analyst
firms measured large enterprises against OpenSAMM in terms of published
research?
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
