Software Integrity Blog

Author Archive

Sammy Migues


Sammy Migues is principal scientist within the Synopsys Software Integrity Group, where he studies evolving application security market needs, creates solutions for the hard problems, and leads organizations through transformational improvements. Over the past 15 years, Sammy has focused on computer-based and instructor-led training, smart grid, supply chain security, metrics, software security initiative maturity, and management consulting. Sammy is a co-creator and the maintainer of the Building Security In Maturity Model (BSIMM), the only study of its kind to capture the actual software security practices in over 200 firms around the globe. Sammy also co-authored the Synopsys CISO Report, a review of approaches to the CISO role, and the BSIMMsc, an application of the BSIMM to supply chain security. His thought leadership and expertise have appeared in Dark Reading, Infosecurity Magazine, Forbes, Supply Chain Digital, and The Daily Swig, among many other media publications. He has spoken at public conferences including Gartner, FS-ISAC, and RSA. Sammy is also a frequent speaker at private conferences, such as the members-only BSIMM conference, and at internal security conferences.

Posts by Sammy Migues:


Risk ranking your applications: A method to the madness

You likely have a diverse mix of applications within your organization.

Posted in Software Architecture & Design


Building meaningful security metrics

Posted in Application Security


The risk of too much risk management

IT controls. Corporate governance. Decision support. Right-sized spending (another phrase I thought I coined, but I see it gets three hits in Google). These are all part of the all-too-nebulous activity often referred to as data security risk management.

Posted in Software Security Program