Thanks Ivan!  Unfortunately I wasn't able to look at this straight away,
and when I go to the link now I get "ME-ERR-002 Sorry, we couldn't find the
page you were looking for."

Would you be able to put it up again?

Cheers!

- Craig.


On 18 April 2013 20:13, Iván Arce <ivan.w.a...@gmail.com> wrote:

> Here's a treemap visualization of the same BSIMM measurement from Craig
> Heath's blogpost.
>
> http://www-958.ibm.com/v/297862
>
> The ordering I've found most useful is Domain->Maturity Level->Practice
> with the area of rectangular boxes based on the total count of
> activities in each (practice,level) combination and coloring based on
> count of observed activities. Level->Domain->Practice seems useful too.
> The data file I used is available on the same site.
>
> The visualization tool allows reordering the categories and changing the
> area/color coding ranges interactively.  Unfortunately this requires the
> Java plugin enabled in the browser. If there's interest I'll try to find
> a non Java, non-windows-only fat-client (ie. Tableau Public) way of
> publishing it.
>
> Please send comments or any other feedback to the SC-L list.
>
>
> thanks,
>
> -ivan
>
>
> On 4/10/13 10:29 AM, Craig Heath wrote:
> > Hi all!  List members might be interested in a blog post I've just
> > made here: http://bit.ly/ZEWluE
> >
> > I attended the BSIMM Europe Open Forum last month, and one of the
> > topics that came up was how to show BSIMM assessment results usefully
> > on a diagram.  The spider chart as used in the BSIMM document is great
> > for a high-level visual comparison of a software security initiative
> > with an industry benchmark, but lacks detail of which specific
> > activities are undertaken.  At the forum, Sammy Migues shared
> > something he uses called an equalizer diagram, which is great for
> > showing gaps in coverage of software security activities, but lacks
> > comparison with a benchmark.
> >
> > I wondered whether it would be possible to produce a diagram which
> > combines the advantages of both, and the post linked above describes
> > an attempt at that.
> >
> > I'll be happy to discuss further either here or in the comments on the
> > blog.
> >
> > Thanks!
> >
> > - Craig Heath.
> > _______________________________________________
> > Secure Coding mailing list (SC-L) SC-L@securecoding.org
> > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> > List charter available at - http://www.securecoding.org/list/charter.php
> > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> > as a free, non-commercial service to the software security community.
> > Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> > _______________________________________________
> >
>
>