Re: [SC-L] BSIMM-V Article in Application Development Times

2013-12-21 Thread Sammy Migues
Hi Stephen, I agree that would be interesting. While we have data at the firm level for all BSIMM participants, and at the BU level for many BSIMM participants, we don't formally capture data on development methodology (as opposed to software security activities) for each development team (whic

Re: [SC-L] Application Security Debt and Application Interest Rates

2011-03-06 Thread Sammy Migues
Just in case others have missed it, there's a response from Russell Thomas on the New School blog at http://newschoolsecurity.com/2011/03/fixes-to-wysophal's-application-security-debt-metric/. F

[SC-L] Julia Allen podcast on BSIMM

2009-04-01 Thread Sammy Migues
Hello everyone, Julia Allen, a senior researcher over at CERT, did a podcast with Gary, Brian, and me several weeks ago on the Building Security In Maturity Model (BSIMM). You can listen to the results over at http://www.cert.org/podcast/show/20090331mcgraw.html. We talk a little about our mi

Re: [SC-L] Supply Chain Resiliency Project Assistance

2009-03-22 Thread Sammy Migues
Hello everyone, To reinforce Mason's request, we're looking for any collection of "controls" (contractual, technical, people, process, etc.) that organizations should request, demand, cajole, enforce, etc. when out-sourcing software development to ensure the required "software security" in the

Re: [SC-L] Positive impact of an SSG

2009-03-11 Thread Sammy Migues
t *are* you doing now?" and documented it so others could learn from it. --Sammy. -Original Message- From: Pravir Chandra [mailto:chan...@list.org] Sent: Wednesday, March 11, 2009 4:00 AM To: Sammy Migues; sc-l-boun...@securecoding.org; sc-l@securecoding.org Subject: Re: [SC-L] Positive

Re: [SC-L] Positive impact of an SSG

2009-03-10 Thread Sammy Migues
afford an SSG. I believe every organization that wants to succeed can afford to have someone in charge of success, but that's just my opinion and isn't relevant to BSIMM. Cheers, --Sammy. -Original Message- From: Pravir Chandra [mailto:chan...@list.org] Sent: Tuesday, March

[SC-L] Positive impact of an SSG

2009-03-10 Thread Sammy Migues
our system and software development lifecycle," Routh says. This is a three-year-old initiative that educates and certifies developers in all DTCC environments in security. Developers are also provided with the necessary code-scanning tools and consulting and services help to keep production co

[SC-L] Human Elements of Security Survey

2008-10-09 Thread Sammy Migues
the survey findings and a chance to win one of 3 Apple iPod touch devices. Thank you for your participation. Sincerely, Michael Maziarz Safelight Security Advisors [EMAIL PROTECTED] Sammy Migues Cigital [EMAIL PROTECTED] ___ Secure Coding mailing list

Re: [SC-L] Software Security Training for Developers

2007-08-21 Thread Sammy Migues
IO. --Sammy. -Original Message- From: Hollis via Rubicon Recluse [mailto:[EMAIL PROTECTED] Sent: Monday, August 20, 2007 2:09 PM To: Johan Peeters Cc: Sammy Migues; sc-l@securecoding.org Subject: Re: [SC-L] Software Security Training for Developers Hi Sammie and Yo, Tkx for the good highlev

Re: [SC-L] Software Security Training for Developers

2007-08-17 Thread Sammy Migues
ble impact (e.g., finding many more security-related bugs much earlier in the SDLC) much more quickly. I recently put together some (long) thoughts on an approach for training. You can see them at http://www.cigital.com/justiceleague/2007/06/25/training-material-training-and-behavior-modification-par