Learn how to drive your software security initiative with metrics, and get practical advice for open source security with Red Hat, in our upcoming webinars.
We asked a couple of AppSec experts and BSIMM participants about 2019 application security trends, challenges, obstacles, and solutions. Here’s what they said.
Posted in Maturity Model (BSIMM): Experts talk application security at RSA
SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.
The automotive industry runs on software—but with increased software use comes an increased attack surface. Making safe, reliable vehicles starts with building secure software. Dr. Gary McGraw explains the importance of secure design principles and how to take the first step toward automotive software security.
This year’s BSIMM newcomer is retail. The concept of retail software security isn’t new, so why is retail late to the BSIMM party? We’ve got some theories.
Posted in Maturity Model (BSIMM): Retail joins the BSIMM—finally
Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. One way they are achieving these efficiencies is through automation.

Automation in DevOps

By automating manual processes and building tools into continuous integration and continuous delivery (CI/CD) pipelines, development and operations teams have increased workflow efficiency and trust between groups, which is essential as these once-disparate teams now merge to tackle critical issues as a single new team. We see the use and expansion of automation in the integration of tools such as GitLab for version control, Jenkins for CI, Jira for defect tracking, and Docker for container integration within toolchains. These tools work together to create a cohesive automated environment designed to let organizations focus on delivering higher-quality innovation to the market faster.

Automation in DevSecOps

Organizations are also realizing that the same automation pays off when security principles are incorporated earlier in the software development life cycle (SDLC). This creates shorter feedback loops and decreases friction, which allows engineers to detect and fix security and compliance issues faster and more naturally as part of their software development workflows.
In our on-demand webinar with Mike Ware (Synopsys), you’ll learn what makes our latest observations of real-life software security initiatives in BSIMM9 so exciting.
The BSIMM isn’t a “how to” on developing an SSI. It’s a “what’s happening now” guide, based on SSI activities and tools used at 120 participating companies.
Posted in Maturity Model (BSIMM): BSIMM9: Not a how-to but a roadmap to a better SSI
Over the past decade, we’ve studied dozens of security activities performed by real-life firms. Take a look at some key facts from this year’s BSIMM report.
Posted in Maturity Model (BSIMM): BSIMM9 by the numbers
The BSIMM is the best way to measure your software security initiative (SSI) year after year to see how you and your peers are evolving in security efforts.
Posted in Maturity Model (BSIMM): BSIMM9: Hot off the presses and better than ever