The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]
Continue Reading...
Posted in Application Security, Data Breach, Maturity Model (BSIMM), Vulnerability Assessment
We recently sat down with Synopsys VP of security technology, Dr. Gary McGraw, to discuss his latest research effort. In addition to the annual Building Security In Maturity Model (BSIMM), Gary has set out to identify the ways in which CISOs approach their job role. The CISO project team, which included Sammy Migues and Dr. […]
Continue Reading...
Posted in CISO, Maturity Model (BSIMM)
Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Sammy Migues, principal scientist here at Synopsys, about the new Building Security In Maturity Model (BSIMM) 8 report. You […]
Continue Reading...
Posted in Application Security, Maturity Model (BSIMM)
How does your software security initiative stack up against the best? Against others in your market? Against your own goals? A Building Security In Maturity Model (BSIMM) assessment can answer these questions. Whether you call it a software security initiative (SSI), application security program, product security process, or something else, it’s a business necessity to […]
Continue Reading...
Posted in Application Security, Maturity Model (BSIMM), Software Security Program Development, Software Security Testing
Originally posted on SecurityWeek. 1. Shift Left. 2. Test earlier in the development cycle. 3. Catch flaws in design before they become vulnerabilities. These are all maxims you hear frequently in the discussion surrounding software security. If this is not your first visit to one of my columns it is certainly not the first time […]
Continue Reading...
Posted in Application Security, Maturity Model (BSIMM), Software Quality
In 2015, healthcare became the most attacked industry, replacing financial services. Since 2010, there have been at least eight healthcare industry breaches publically reported in the media. The 2016 Cyber Security Intelligence Index states that five of the eight breaches took place during the first half of 2015. During that period, over 100 million medical […]
Continue Reading...
Posted in Healthcare Security, Maturity Model (BSIMM)
If you play a role in your organization’s software security program, you already know that there’s no shortage of things to do to improve your firm’s security activities. To bring security priorities into focus, the Building Security In Maturity Model (BSIMM) highlights the 113 most commonly observed software security activities. The BSIMM thus enables experts like […]
Continue Reading...
Posted in Maturity Model (BSIMM)
Third-party products and services are an integral part of business operations. Organizations depend heavily on optimizing their solutions by reducing costs; thus, bringing about the need for external expertise. Third-party organizations promise timely delivery of products and services, meeting compliance requirements, and optimizing the organization’s overall business performance. Reasons for bringing in a third party […]
Continue Reading...
Posted in Maturity Model (BSIMM), Security Risk Assessment, Vendor Risk Management
Seven years of data gathered from 100+ initiatives provide a bird’s eye view of software security. You can apply lessons from the Building Security In Maturity Model (BSIMM) to your business regardless of your industry, your size, or the mix of your applications. How high can you soar? Learn the seven undeniable truths to make […]
Continue Reading...
Posted in Infographic, Maturity Model (BSIMM)
Evaluating the progress of your software security journey is essential, but it can be a considerable challenge. Tracking operational metrics doesn’t tell you whether you are doing the right things. Analyst reports are often too general to provide tactical direction. And companies hold their security plans so close to the vest, it makes competitive research […]
Continue Reading...
Posted in Application Security, Maturity Model (BSIMM), Threat Modeling
