Software Security

Archive for the 'Maturity Model (BSIMM)' Category

 

Webinar: Have you learned the art of building a security strategy?

If you play a role in your organization’s software security program, you already know that there’s no shortage of things to do to improve your firm’s security activities. To bring security priorities into focus, the Building Security In Maturity Model (BSIMM) highlights the 113 most commonly observed software security activities. The BSIMM thus enables experts like […]

Continue Reading...

Posted in Maturity Model (BSIMM) | No Comments »

 

How to mitigate third-party security risks

Third-party products and services are an integral part of business operations. Organizations depend heavily on optimizing their solutions by reducing costs; thus, bringing about the need for external expertise. Third-party organizations promise timely delivery of products and services, meeting compliance requirements, and optimizing the organization’s overall business performance. Reasons for bringing in a third party […]

Continue Reading...

Posted in Maturity Model (BSIMM), Security Risk Assessment, Vendor Risk Management | No Comments »

 

7 undeniable truths to make better software security

Seven years of data gathered from 100+ initiatives provide a bird’s eye view of software security. You can apply lessons from the Building Security In Maturity Model (BSIMM) to your business regardless of your industry, your size, or the mix of your applications. How high can you soar? Learn the seven undeniable truths to make […]

Continue Reading...

Posted in Maturity Model (BSIMM) | Comments Off on 7 undeniable truths to make better software security

 

How to benchmark your software security strategies

Evaluating the progress of your software security journey is essential, but it can be a considerable challenge. Tracking operational metrics doesn’t tell you whether you are doing the right things. Analyst reports are often too general to provide tactical direction. And companies hold their security plans so close to the vest, it makes competitive research […]

Continue Reading...

Posted in Application Security, Maturity Model (BSIMM), Threat Modeling | Comments Off on How to benchmark your software security strategies

 

3 presentations you don’t want to miss at AppSec California 2017

The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]

Continue Reading...

Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling | Comments Off on 3 presentations you don’t want to miss at AppSec California 2017

 

BSIMM7 explores emerging software security trends and evolution

BSIMM7 was released October 4th, 2016. That’s just a few weeks before the seventh annual BSIMM Community Conference convened on Amelia Island, Florida. This year’s BSIMM conference was well attended, with 160 participants representing 60 of 95 BSIMM firms from across the globe. The energy and enthusiasm at the conference was palpable. There is nothing […]

Continue Reading...

Posted in Maturity Model (BSIMM), Security Conference or Event, Software Security Testing | Comments Off on BSIMM7 explores emerging software security trends and evolution

 

BSIMM7 is now available: What’s new?

At the time of the BSIMM7 release today (October 4, 2016), the BSIMM Project has been underway for eight years. During that time, the size of the data set has multiplied over 26 times from 9 measurements to 237. Additionally, the number of firms whose software security initiatives we describe has grown from 9 to […]

Continue Reading...

Posted in Maturity Model (BSIMM), Software Security Testing | Comments Off on BSIMM7 is now available: What’s new?

 

Benefits of application security training: Moving beyond compliance

The official organizational response to a data breach almost always includes the statement: “We met all regulatory and legal requirements for data protection.” Training is required for many compliance regimes, and it might just be good enough as a compliance control. However, as a security control it’s inadequate. There are multiple major retailers that were […]

Continue Reading...

Posted in Data Breach, Maturity Model (BSIMM), Security Metrics, Security Training, Software Security Testing | Comments Off on Benefits of application security training: Moving beyond compliance

 

Software security in healthcare: What we’ve learned

Patient care is of the utmost importance within the healthcare industry. In fact, healthcare is one of the few industries responsible for protecting both the personal health and payment information of their patients—not to mention the intellectual property of internal operations. Securing such a variety of sensitive data requires a well-rounded strategy involving planning, technical expertise, and […]

Continue Reading...

Posted in Healthcare Security, Maturity Model (BSIMM), Software Security Testing | Comments Off on Software security in healthcare: What we’ve learned

 

ATMs to IoT: The generational divide of digital trust

Originally posted on SecurityWeek The former CISO of a large intelligence community agency once told me, “The number one challenge in IT Security is the carbon-based life form.” Needless to say, that comment has stuck with me as I read articles daily about hacks with their genesis found in credentials lifted from phishing schemes. Given […]

Continue Reading...

Posted in Data Breach, Financial Services Security, Internet of Things, Maturity Model (BSIMM) | Comments Off on ATMs to IoT: The generational divide of digital trust