In our on-demand webinar, you’ll learn what makes our latest observations of real-life software security initiatives in BSIMM9 so exciting.
The BSIMM isn’t a “how to” on developing an SSI. It’s a “what’s happening now” guide, based on SSI activities and tools used at 120 participating companies.
Posted in Maturity Model (BSIMM) | Comments Off on BSIMM9: Not a how-to but a roadmap to a better SSI
Over the past decade, we’ve studied dozens of security activities performed by real-life firms. Take a look at some key facts from this year’s BSIMM report.
Posted in Maturity Model (BSIMM) | Comments Off on BSIMM9 by the numbers
The BSIMM is the best way to measure your software security initiative (SSI) year after year to see how you and your peers are evolving in security efforts.
Posted in Maturity Model (BSIMM) | Comments Off on BSIMM9: Hot off the presses and better than ever
The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security.
Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Sammy Migues, principal scientist here at Synopsys, about the new Building Security In Maturity Model (BSIMM) 8 report.
A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the network or grid?
Originally posted on SecurityWeek.
Posted in Maturity Model (BSIMM) | Comments Off on How to reduce risk while saving on the cost of resolving security defects
In 2015, healthcare became the most attacked industry, replacing financial services. Since 2010, there have been at least eight healthcare industry breaches publically reported in the media. The 2016 Cyber Security Intelligence Index states that five of the eight breaches took place during the first half of 2015. During that period, over 100 million medical records were reportedly compromised. Misalignment between HIPAA and software security The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996. However, the compliance date of HIPAA’s Privacy Rule and Security Rule didn’t take effect until 2003. These rules were created as a way to implement and enforce industry-wide security safeguards on protected health information (PHI).
If you play a role in your organization’s software security program, you already know that there’s no shortage of things to do to improve your firm’s security activities.