BSIMM-V is alive
From: Gary McGraw <gem () cigital com>
Date: Wed, 30 Oct 2013 02:23:06 -0400
I am proud to announce that the BSIMM-V document is complete and the website has been entirely revised/updated. Please
download a copy of BSIMM-V today: http://bsimm.com
BSIMM-V describes the software security initiatives at sixty-seven firms, including: Adobe, Aetna, Bank of America,
Box, Capital One, Comerica Bank, EMC, Epsilon, F-Secure, Fannie Mae, Fidelity, Goldman Sachs, HSBC, Intel, Intuit,
JPMorgan Chase & Co., Lender Processing Services Inc., Marks and Spencer, Mashery, McAfee, McKesson, Microsoft,
NetSuite, Neustar, Nokia, Nokia Siemens Networks, PayPal, Pearson Learning Technologies, QUALCOMM, Rackspace,
Salesforce, Sallie Mae, SAP, Sony Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, TomTom,
Vanguard, Visa, VMware, Wells Fargo, and Zynga. All told, the BSIMM describes the work of 975 SSG members working with
a satellite of 1,953 people to secure the software developed by 272,358 developers.
Software security measurement.
"If you are thinking about developing a software security program, or enhancing your existing one, the BSIMM will
provide you a tried and true measurement and planning tool developed by some of the top security practitioners in the
world. BSIMM-V is the continued evolution of this data driven set of real world software security practices, making it
more relevant than ever. If you don’t think that a software security program or BSIMM is right for you, well… it’s only
a matter of time!"
"Improving any engineering process requires a solid set of empirical metrics from which we can compare and contrast our
own processes. Software security is no exception, and for far too long the community has been relying too heavily on
anecdotal 'evidence.' Those excuses are no longer valid. Nowhere else will you find a more solid set of real world
observations than in the BSIMM study. I'm happy to see with the release of BSIMM-V that the model has continued to grow
and improve since its inception."
Kenneth R. van Wyk
KRvW Associates, LLC
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates