Try this on for size. JPMC already uses it in practice.
vBSIMM (BSIMM for Vendors)
http://www.informit.com/articles/article.aspx?p=1703668 (April 12, 2011)
gem
On 7/18/11 8:35 PM, Anurag Agarwal anurag.agar...@yahoo.com wrote:
Gary - So my next question is, can we come up with something
To clarify further, this is not meant to be prescriptive or even a set of
best practices. It's a simple observation on how many organizations tend to
evolve if secure SDLC is not a major priority. I can't say it's based on
hard data but we have compiled the steps from experiences at several clients
Hi Paco, sorry I suppose I misunderstood BSIMM's data collection
methodology. In any event, I think it's clear this model isn't really an
alternative to BSIMM - it's a very coarse-grained set of steps that many
organizations follow before they begin to take on a more disciplined
approach to a
Jim,
You're spot on. BSIMM is not a lifecycle for any company. Heck, it's not even a
set of recommendations. It's simply a way to measure what a firm does. It's a
model formulated from observations about how some firms implement software
security in their lifecycles. You'll never catch us