Posted by Gary McGraw on November 12, 2010
We just hosted the first-ever BSIMM Community Conference in Annapolis, MD this week. I’m proud to say it was a smash hit. The schedule was packed full of interesting talks from leaders among the BSIMM Community including Microsoft, Intel, Sallie Mae, JP Morgan Chase, QUALCOMM, Fidelity, Adobe and Cigital, but by far the most important aspect of the conference was the incredible energy generated when a room full of like-minded professionals gets together. Twenty of the 32 BSIMM firms were in attendance (each represented by 3 people). My favorite part of the conference was watching attendees’ eyes light up as they met their peers from other organizations.
The power of the BSIMM was on full display. We discussed the BSIMM’s utility as a measurement tool, as a way to compare progress in software security among firms and vertical markets, as a tool to help position and fund an initiative, and as a set of data to inform strategic software security investment decisions. Science is catching on in software security!
The BSIMM continues to evolve and grow as more measurements are made. Counting major divisions in some of the firms, we have made 57 distinct BSIMM measurements over the last two years. We’re beginning to re-measure some of the original participants and understand how software security initiatives change over time. Expect publications about that work (including lots of actual data) in the Spring.
If you are interested in joining the BSIMM Community (which entails being measured by objective observers, joining the moderated mailing list, and attending BSIMM Community Conferences to come), please don’t hesitate to contact us.
For more about the BSIMM project and to download a copy of the model itself, see the BSIMM website.