Software Integrity Blog

Author Archive

Sammy Migues

Sammy Migues is a principal scientist at Synopsys. He is an information security visionary with a proven record of entrepreneurial innovation, intellectual capital development, practical business solutions, and performance optimization. Sammy is a respected thought-leader in software security initiatives and related application security programs, asserting, “I still know what I’m talking about. Really.” Sammy spends his free time in pursuit of more knowledge, so you can be assured he does.


Posts by Sammy Migues:

BSIMM6 brings science to software security

The sixth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives. By now, you should have heard about the Building Security In Maturity Model (BSIMM) project, especially if you are a software security person. Maybe you’ve even downloaded a copy of your […]

Posted in Maturity Model (BSIMM), Software Security Initiative (SSI)

Risk ranking your applications: A method to the madness

You likely have a diverse mix of applications within your organization. You have everything from apps powering web and mobile tools that just launched to internal functionality you’ve not updated in years. You created some applications in-house, external partners supplied some, and some are critically dependent on open source code built by developers with which […]

Posted in Software Architecture and Design

The risk of too much risk management

IT controls. Corporate governance. Decision support. Right-sized spending (another phrase I thought I coined, but I see it gets three hits in Google). These are all part of the all-too-nebulous activity often referred to as data security risk management. Let’s put a stake in the ground on what risk management means. I’m not referring to […]

Posted in Software Security Initiative (SSI)