We asked a couple of AppSec experts and BSIMM participants about 2019 application security trends, challenges, obstacles, and solutions. Here’s what they said.
Posted in Maturity Model (BSIMM) | Comments Off on Experts talk application security at RSA
SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.
Posted in Maturity Model (BSIMM), Open Source Security, Software Composition Analysis | Comments Off on The hidden costs and risks of free puppies (and open source)
The automotive industry runs on software—but with increased software use comes an increased attack surface. Making safe, reliable vehicles starts with building secure software. Dr. Gary McGraw explains the importance of secure design principles and how to take the first step toward automotive software security. The original version of this article was published in The Security […]
Posted in Automotive Security, Maturity Model (BSIMM), Software Architecture and Design | Comments Off on From mainframes to connected cars: How software drives the automotive industry
The BSIMM—Building Security In Maturity Model—is now into its 10th year of being a self-described “measuring stick for software security” for multiple industries. But there are still newcomers—this year it’s retail. Ten retail firms participated in BSIMM9, which tracks the development of SSIs (software security initiatives) by organization based on 116 possible activities, grouped into […]
Posted in Maturity Model (BSIMM) | Comments Off on Retail joins the BSIMM—finally
Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of […]
Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM) | Comments Off on Automation: One of the keys to DevSecOps
In our on-demand webinar with Mike Ware (Synopsys), you’ll learn what makes our latest observations of real-life software security initiatives in BSIMM9 so exciting.
Posted in General, Maturity Model (BSIMM), Webinars | Comments Off on Webinar: BSIMM9: Here’s what’s new!
You’ve probably seen the commercials. Different situations but always the same theme. In one of them, a guy tells his neighbor, “I need to get my roof repaired. Do you know any contractors?” “Uh, yeah, I might,” the neighbor replies. “Great,” says the first guy. “Can you do a free background check on him for […]
Posted in Maturity Model (BSIMM) | Comments Off on BSIMM9: Not a how-to but a roadmap to a better SSI
Over the past ten years, we’ve studied dozens of security activities performed by real-life firms to measure the software security practices used in organizations of different sizes, in different verticals, and at different levels of maturity. Quantifying these practices in the Building Security In Maturity Model (BSIMM) allows us to describe the common areas shared […]
Posted in General, Maturity Model (BSIMM) | Comments Off on BSIMM9 by the numbers
Have you heard of the BSIMM? If you have, you know it’s the best way to measure your software security initiative (SSI) year after year to see how it’s evolving and how you compare to your peers. If you haven’t, you’re in luck: The latest version is out now, and it’s notably different from last […]
Posted in General, Maturity Model (BSIMM) | Comments Off on BSIMM9: Hot off the presses and better than ever
The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]
Posted in Data Breach, Maturity Model (BSIMM), Software Architecture and Design | Comments Off on Verizon DBIR puts security burden on users
Get the latest AppSec news and trends sent directly to you.
