hi sc-l,

I am proud to announce that the BSIMM-V document is complete and the website has been entirely revised/updated. Please download a copy of BSIMM-V today: http://bsimm.com

BSIMM-V describes the software security initiatives at sixty-seven firms, including: Adobe, Aetna, Bank of America, Box, Capital One, Comerica Bank, EMC, Epsilon, F-Secure, Fannie Mae, Fidelity, Goldman Sachs, HSBC, Intel, Intuit, JPMorgan Chase & Co., Lender Processing Services Inc., Marks and Spencer, Mashery, McAfee, McKesson, Microsoft, NetSuite, Neustar, Nokia, Nokia Siemens Networks, PayPal, Pearson Learning Technologies, QUALCOMM, Rackspace, Salesforce, Sallie Mae, SAP, Sony Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, TomTom, Vanguard, Visa, VMware, Wells Fargo, and Zynga.

All told, the BSIMM describes the work of 975 SSG members working with a satellite of 1,953 people to secure the software developed by 272,358 developers.

Software security measurement.

gem

"If you are thinking about developing a software security program, or enhancing your existing one, the BSIMM will provide you a tried and true measurement and planning tool developed by some of the top security practitioners in the world. BSIMM-V is the continued evolution of this data driven set of real world software security practices, making it more relevant than ever. If you don’t think that a software security program or BSIMM is right for you, well… it’s only a matter of time!"
Gary Warzala
CISO, Visa

"Improving any engineering process requires a solid set of empirical metrics from which we can compare and contrast our own processes. Software security is no exception, and for far too long the community has been relying too heavily on anecdotal 'evidence.' Those excuses are no longer valid. Nowhere else will you find a more solid set of real world observations than in the BSIMM study. I'm happy to see with the release of BSIMM-V that the model has continued to grow and improve since its inception."
Kenneth R. van Wyk
KRvW Associates, LLC

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________