Software Integrity Blog

Archive for the 'Maturity Model (BSIMM)' Category


[Webinars] Software security metrics and open source security

Learn how to drive your software security initiative with metrics, and get practical advice for open source security with Red Hat, in our upcoming webinars.

Posted in Maturity Model (BSIMM), Open Source Security, Webinars

Experts talk application security at RSA

We asked a couple of AppSec experts and BSIMM participants about 2019 application security trends, challenges, obstacles, and solutions. Here’s what they said.

Posted in Maturity Model (BSIMM)

The hidden costs and risks of free puppies (and open source)

SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.

Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM), Open Source Security, Software Composition Analysis

From mainframes to connected cars: How software drives the automotive industry

The automotive industry runs on software—but with increased software use comes an increased attack surface. Making safe, reliable vehicles starts with building secure software. Dr. Gary McGraw explains the importance of secure design principles and how to take the first step toward automotive software security.

Posted in Automotive Security, Maturity Model (BSIMM), Software Architecture and Design

Retail joins the BSIMM—finally

This year’s BSIMM newcomer is retail. The concept of retail software security isn’t new, so why is retail late to the BSIMM party? We’ve got some theories.

Posted in Maturity Model (BSIMM)

Automation: One of the keys to DevSecOps

Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. One way they are achieving these efficiencies is through automation.

Automation in DevOps

By automating manual processes and building tools into continuous integration and continuous delivery (CI/CD) pipelines, development and operations teams have increased workflow efficiencies and trust between groups, which is essential as these once-disparate teams merge to tackle critical issues as a single new team. We see the use and expansion of automation in the integration of tools such as GitLab for version control, Jenkins for CI, Jira for defect tracking, and Docker for container integration within toolchains. These tools work together to create a cohesive automated environment designed to let organizations focus on delivering higher-quality innovation to the market faster.

Automation in DevSecOps

Organizations are also realizing the value of applying automation to security by incorporating security principles earlier in the software development life cycle (SDLC). This creates shorter feedback loops and decreases friction, which allows engineers to detect and fix security and compliance issues faster and more naturally as part of their software development workflows.

Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM)

Webinar: BSIMM9: Here’s what’s new!

In our on-demand webinar with Mike Ware (Synopsys), you’ll learn what makes our latest observations of real-life software security initiatives in BSIMM9 so exciting.

Posted in General, Maturity Model (BSIMM), Webinars

BSIMM9: Not a how-to but a roadmap to a better SSI

The BSIMM isn’t a “how to” on developing an SSI. It’s a “what’s happening now” guide, based on SSI activities and tools used at 120 participating companies.

Posted in Maturity Model (BSIMM)

BSIMM9 by the numbers

Over the past decade, we’ve studied dozens of security activities performed by real-life firms. Take a look at some key facts from this year’s BSIMM report.

Posted in Maturity Model (BSIMM)

BSIMM9: Hot off the presses and better than ever

The BSIMM is the best way to measure your software security initiative (SSI) year after year to see how you and your peers are evolving in security efforts.

Posted in Maturity Model (BSIMM)