hi sc-l,

In March 2009 we announced the publication of the BSIMM---a measuring stick for 
software security.  We're pleased today to announce the publication of BSIMM2.  
We have tripled the size of the data set to thirty firms, including: Adobe, 
Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation 
(DTCC), EMC, Google, Intel, Intuit, Microsoft, Nokia, QUALCOMM, Sallie Mae, 
Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and 
Wells Fargo.

BSIMM2 is available for free under the Creative Commons license from 
<http://bsimm2.com>.  Download your copy today.

The BSIMM2 document itself is 53 pages.  A concise treatment of the results can 
be found on the BSIMM2 web page under the "facts" tag: 
<http://bsimm2.com/facts/>

Our study represents the work of 635 people who are members of the 30 firms' 
SSGs.  Together, the firms have a collective 130 years of experience planning 
and executing 30 software security initiatives.  Among other results, we have 
identified 15 core BSIMM activities.

We think the descriptive nature of the BSIMM study is an important 
characteristic of the work.  We describe not what you should do for software 
security, but what successful software security initiatives are actually doing.
Use BSIMM2 to measure your own software security initiative and compare it to 
others.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

MUSIC http://www.amazon.com/dp/B003JPNV1I/?tag=lastfmmp3-20

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
