Software Integrity

Archive for the 'Maturity Model (BSIMM)' Category

 

Automation: One of the keys to DevSecOps

Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of […]

Continue Reading...

Posted in Agile, CI/CD & DevOps, Featured, Maturity Model (BSIMM)

 

Webinar: BSIMM9: Here’s what’s new!

In early October, we released the latest version of the BSIMM report, BSIMM9. While many things about the report haven’t changed much, it’s the new things that make it really exciting. After 10 years of study and 167 total firms measured, we’re seeing interesting trends in the state of software security initiatives and how firms […]

Continue Reading...

Posted in Maturity Model (BSIMM), Webinar

 

BSIMM9: Not a how-to but a roadmap to a better SSI

You’ve probably seen the commercials. Different situations but always the same theme. In one of them, a guy tells his neighbor, “I need to get my roof repaired. Do you know any contractors?” “Uh, yeah, I might,” the neighbor replies. “Great,” says the first guy. “Can you do a free background check on him for […]

Continue Reading...

Posted in Maturity Model (BSIMM)

 

BSIMM9 by the numbers

Over the past ten years, we’ve studied dozens of security activities performed by real-life firms to measure the software security practices used in organizations of different sizes, in different verticals, and at different levels of maturity. Quantifying these practices in the Building Security In Maturity Model (BSIMM) allows us to describe the common areas shared […]

Continue Reading...

Posted in Infographic, Maturity Model (BSIMM)

 

BSIMM9: Hot off the presses and better than ever

Have you heard of the BSIMM? If you have, you know it’s the best way to measure your software security initiative (SSI) year after year to see how it’s evolving and how you compare to your peers. If you haven’t, you’re in luck: The latest version is out now, and it’s notably different from last […]

Continue Reading...

Posted in Maturity Model (BSIMM), Software Security Initiative (SSI)

 

Verizon DBIR puts security burden on users

The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]

Continue Reading...

Posted in Data Breach, Maturity Model (BSIMM), Software Architecture and Design

 

Fault Injection Podcast: Sammy Migues introduces BSIMM8

Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Sammy Migues, principal scientist here at Synopsys, about the new Building Security In Maturity Model (BSIMM) 8 report. You […]

Continue Reading...

Posted in Maturity Model (BSIMM)

 

The BSIMM helps organizations mature software security

How does your software security initiative stack up against the best? Against others in your market? Against your own goals? A Building Security In Maturity Model (BSIMM) assessment can answer these questions. Whether you call it a software security initiative (SSI), application security program, product security process, or something else, it’s a business necessity to […]

Continue Reading...

Posted in Maturity Model (BSIMM), Software Security Initiative (SSI)

 

Smart devices, smart grids, and cyber security

A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]

Continue Reading...

Posted in Critical Infrastructure Security, Government Security, Maturity Model (BSIMM), Security Standards and Compliance

 

How to reduce risk while saving on the cost of resolving security defects

Originally posted on SecurityWeek.  1. Shift Left. 2. Test earlier in the development cycle.  3. Catch flaws in design before they become vulnerabilities. These are all maxims you hear frequently in the discussion surrounding software security. If this is not your first visit to one of my columns it is certainly not the first time […]

Continue Reading...

Posted in Maturity Model (BSIMM)