The automotive industry runs on software—but with increased software use comes an increased attack surface. Making safe, reliable vehicles starts with building secure software. Dr. Gary McGraw explains the importance of secure design principles and how to take the first step toward automotive software security. The original version of this article was published in The Security […]
Continue Reading...
Posted in Automotive Security, Maturity Model (BSIMM), Software Architecture and Design
The BSIMM—Building Security In Maturity Model—is now into its 10th year of being a self-described “measuring stick for software security” for multiple industries. But there are still newcomers—this year it’s retail. Ten retail firms participated in BSIMM9, which tracks the development of SSIs (software security initiatives) by organization based on 116 possible activities, grouped into […]
Continue Reading...
Posted in Maturity Model (BSIMM)
Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of […]
Continue Reading...
Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM)
In our on-demand webinar with Mike Ware (Synopsys), you’ll learn what makes our latest observations of real-life software security initiatives in BSIMM9 so exciting.
Continue Reading...
Posted in Maturity Model (BSIMM), Webinars
You’ve probably seen the commercials. Different situations but always the same theme. In one of them, a guy tells his neighbor, “I need to get my roof repaired. Do you know any contractors?” “Uh, yeah, I might,” the neighbor replies. “Great,” says the first guy. “Can you do a free background check on him for […]
Continue Reading...
Posted in Maturity Model (BSIMM)
Over the past ten years, we’ve studied dozens of security activities performed by real-life firms to measure the software security practices used in organizations of different sizes, in different verticals, and at different levels of maturity. Quantifying these practices in the Building Security In Maturity Model (BSIMM) allows us to describe the common areas shared […]
Continue Reading...
Posted in Infographic, Maturity Model (BSIMM)
Have you heard of the BSIMM? If you have, you know it’s the best way to measure your software security initiative (SSI) year after year to see how it’s evolving and how you compare to your peers. If you haven’t, you’re in luck: The latest version is out now, and it’s notably different from last […]
Continue Reading...
Posted in Maturity Model (BSIMM), Software Security Initiative (SSI)
The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]
Continue Reading...
Posted in Data Breach, Maturity Model (BSIMM), Software Architecture and Design
Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Sammy Migues, principal scientist here at Synopsys, about the new Building Security In Maturity Model (BSIMM) 8 report. You […]
Continue Reading...
Posted in Maturity Model (BSIMM), Podcasts
How does your software security initiative stack up against the best? Against others in your market? Against your own goals? A Building Security In Maturity Model (BSIMM) assessment can answer these questions. Whether you call it a software security initiative (SSI), application security program, product security process, or something else, it’s a business necessity to […]
Continue Reading...
Posted in Maturity Model (BSIMM), Software Security Initiative (SSI)
