In The News
The press is talking about the BSIMM.
November 24, 2015: BSIMM’s Data-driven Approach to Software Security, eSecurity Planet
November 13, 2015: How BSIMM improves security by letting developers compare security practices [Q&A], betanews
November 9, 2015: Healthcare In Last Place According To Security Maturity Model, BusinessSolutions
October 28, 2015: Gary McGraw on BSIMM6 and Software Security, Threatpost
October 22, 2015: Healthcare organisations fall short on software security, TechCentral.ie
October 21, 2015: Health care orgs fall short on software security, MIS Asia
October 21, 2015: Security information sharing gets even bigger with BSIMM6, CMIO
October 21, 2015: Healthcare has ‘plenty to learn from other industries’ about software security
October 20, 2015: Healthcare Security Benchmarked for First Time, Health Data Management
October 19, 2015: Security Capability Engineering
October 19, 2015: New study shows healthcare lagging behind in software security, Health Management Technology
October 19, 2015: ‘HIPAA Not Helping’: Healthcare’s Software Security Lagging, Dark Reading.
October 19, 2015: No more guessing how your appSec ranks against your peers, LinkedIn
October 19, 2015: Latest BSIMM Data Puts Health Care Back of the Pack, Threatpost.
October 19, 2015: Cigital’s BSIMM6 finds software security lagging in industry, SD Times.
May 4, 2015: Hacking Vint Cerf’s Wine Cellar, or Why We Need to Secure the Internet of Things
August 27, 2014: IEEE Center for Secure Design wants tech industry to stop ‘doing dumb stuff’, TechWorld.
March 3, 2014: Why measurement is key to driving improvement in software security, Developer Tech.
January 28, 2014: Software [in]security and scaling automated code review, SearchSecurity.
January 27, 2014: The best thing about BSIMM – it isn’t a standard, Life at 6700′.
December 12, 2013: BSIMM-V: Free Software Security Insights from 67 Companies, Application Development Trends – Watersworks blog.
November 21, 2013: Financial Services Industry Proposes Security Controls For Third-Party, Open-Source Software, Dark Reading.
November 5, 2013: BSIMM 5 Released, Clerkendweller.
November 1, 2013: Cigital boosts latest BSIMM software security tool with expanded list of firms, Techworld.
November 1, 2013: Gary McGraw on BSIMM-V and Software Security, Threatpost.
November 1, 2013: BSIMM-V: Software Security is Becoming Mainstream, EMC Product Security Blog.
October 30, 2013: BSIMM Advancing Software Security, eSecurity Planet.
October 30, 2013: Building Security In Maturity Model: Version 5 Released, Infosecurity Magazine.
October 30, 2013: Software Security Maturity Plods Along, Dark Reading.
October 30, 2013: BSIMM-V Examines Software Security Practices of 270,000 Developers, SecurityWeek.
October 30, 2013: Building Security in Maturity Model Includes Bug-Bounty Programs, eWeek.
October 29, 2013: BSIMM-V does a number on secure software dev, SearchSecurity.
May 10, 2013: BSIMM4 measures and advances secure application development, SearchSecurity.
April 11, 2013: McGraw: Use VBSIMM software security model when buying software, SearchSecurity.
March 12, 2013: Gary McGraw on evolution of BSIMM maturity framework, SearchSecurity.
March 8, 2013: VIDEO: Zombies and the BSIMM: A Decade of Software Security, RSA Conference 2013.
January 10, 2013: While the cyber war tail wags the national security dog, software security offers a different path to cyber peace, CSO.
January 9, 2013: BSIMM authors highlight importance of static analysis, security features, Kloctalk.
December 21, 2012: Will BSIMM 4 Improve Software Security?, InternetNews.com.
December 20, 2012: BSIMM’s gift: The 12 security days of Christmas, CSO.
December 20, 2012: BSIMM’s gift: The 12 security days of Christmas, PC Advisor.
December 18, 2012: HP sheds light on enterprise giants’ security know-how, V3.co.uk.
December 7, 2012: Twelve common software security activities to lift your program, SearchSecurity.
November 15, 2012: Fidelity Invests In Secure Software Development, Dark Reading.
November 14, 2012: BSIMM Community Conference 2012, Adobe Secure Software Engineering Team (ASSET) Blog.
November 13, 2012: Enterprises Pressure Software Vendors To Clean Up Their Apps, Dark Reading.
October 4, 2012: Ten commandments for software security, SearchSecurity.
September 26, 2012: Bank Cyberattacks Underscore Need for Security Processes, CIO Journal.
September 26, 2012: Gary McGraw on the BSIMM4 and How to Avoid Being the Slowest Zebra, threatpost.
September 25, 2012: Desktop security software gets proactive with application sandboxing, Search Enterprise Desktop.
September 21, 2012: Launching An IAM Project: Where To Start, Dark Reading.
September 25, 2012: BSIMM4 Released; If You Are Not Part of the Solution, Well Then …, CyBlog.
September 19, 2012: Real-world software security initiatives study, Help Net Security.
September 18, 2012: New BSIMM Provides Measuring Stick for Secure Application Development Programs, SecurityWeek.
September 18, 2012: BSIMM4 Release Expands Software Security Measurement Tool And Describes New Activities, Dark Reading.
September 18, 2012: BSIMM4 Release Expands Software Security Measurement Tool and Describes New Activities, Minded Security Blog.
September 18, 2012: The BSIMM Nouveau Has Arrived, EMC^2 Product Security Blog.
September 18, 2012: BSIMM4 gets bigger, better, CSO Online.
September 18, 2012: BSIMM4 launches today, CSO Online.
September 17, 2012: BSIMM study expands scope, identifies new software security activities, SearchSecurity.com.
July 2, 2012: Mobile security: It’s all about mobile software security, SearchSecurity.
May 21, 2012: Wysopal on application security training, program gaps, SearchSecurity.
April 2012: Software security assurance: Build it in, build it right, SearchSecurity.
January 26, 2012: vBSIMM Take Two (BSIMM for Vendors Revised), InformIT.
January 10, 2012: White House Launches Electric Industry Security Maturity Model Program, Threatpost.
November 30, 2011: Software [In]security: Third-Party Software and Security, InformIT.
October 31, 2011: Software [In]security: Software Security Training, InformIT.
October 26, 2011: Web application risks exacerbated by social media ties, says ISACA, SearchSecurity.com.
October 04, 2011: Developing IT Risk Management Decision-making Criteria an Ongoing Challenge, SearchSecurity.com.
September 30, 2011: BSIMM3 Continues To Add Real-World Data to Security Maturity Model, Application Development Trends.
September 29, 2011: New BSIMM3 Guide Provides New Data On Secure Software Development, DarkReading.
September 28, 2011: Multi-year study of real-world software security initiatives, Help Net Security.
September 28, 2011: Gary McGraw on the BSIMM3 Data Release, Threatpost.
September 27, 2011: BSIMM turns 3, 1 Raindrop.
September 27, 2011: Cigital BSIMM 3 study provides software security metrics data, SearchSecurity.com.
September 27, 2011: A Secure Software Model Matures, Forbes.com.
September 27, 2011: A Secure Software Development Lifecycle Model Matures, DeviceLine Blog.
September 27, 2011: Software [In]security: BSIMM3, InformIT.
September 27, 2011: BSIMM3 Released: “An Excellent Tool for Devising a Software Security Strategy”, CyBlog.
September 27, 2011: BSIMM3 launches today, CSO Online.
September 27, 2011: BSIMM3 Release Doubles Software Security Measurement Data and Includes Measurements Over Time, Global Security Mag.
September 20, 2011: Measurement first among secure software development benchmarks, SearchSecurity.com
July 07, 2011: Simple Isn’t Simple, Darkreading.com.
June 28, 2011: DHS releases software security scoring system, ComputerWorld.
June 10, 2011: Secure coding news flash: BSIMM3 coming in August, CSO Online.
June 7, 2011: Cigital acquires Consciere, brings in security vets
April 12, 2011: vBSIMM (BSIMM for Vendors)
March 15, 2011: How to Mine Customer Data the Right Way, PCWorld.
March 14, 2011: Industry groups, businesses attempt security awareness training plan, SearchSecurity.com.
March 14, 2011: BSIMM’s European Tour, Application Development Trends.
November 30, 2010: Expert: BSIMM Can Help Enterprises Build Secure App Development Processes, DarkReading.
September 28, 2010: How to Develop More Secure Software – Practices from Thirty Organizations, CERT podcast.
August 26, 2010: Building secure software using fuzzing and static code analysis, Help Net Security.
August 24, 2010: CEO must prioritize software development improvements, secure coding, SearchSecurity.com.
August 17, 2010: Secure software Experts say it’s no longer a pipe, gagsandgiggles.com blog.
August 17, 2010: HP’s Fortify Acquisition: More Validation of Security in the App Dev Lifecycle, Application Development Trends.
July 01, 2010: Insecure software: A never-ending saga, Information Security Magazine.
June 22, 2010: The Rugged Software Manifesto, InfoQ.com.
June 18, 2010: Building in software security, not just bolting it on, Javelin Strategy & Research Blog.
June 17, 2010: anti-waf-software-security-only-zealotry, Jeremiah Grossman blog.
May 27, 2010: BSIMM2 and WAFs, Tactical Web Application Security.
May 21, 2010: Code Security: MidAmerican Energy’s top priority after SQL injection attacks, CSO Online.
May 20, 2010: BSIMM2 – A Very Useful Reference for Software Security Practitioners, RSA blog.
May 20, 2010: BSIMM2: Leading Software Security Maturity Model Triples to Include More Real-World Data on Software Security Initiatives, IT Business Edge.
May 17, 2010: BSIMM crafts model for building in software security, SDTimes.
May 14, 2010: Another Security Dot Dot Dot Friday, Gartner Blog Network: John Pescatore.
May 13, 2010: BSIMM Shows Best SDLC Practices, Network Computing.
May 13, 2010: Real-world data on software security initiatives, Help Net Security.
May 13, 2010: BSIMM2 Released, The Lowe Down.
May 13, 2010: Measuring Software Security, SecuObs.com.
May 13, 2010: A Closer Look At Application Security: BSIMM2, Supply Chain Technology.
May 12, 2010: Gary McGraw on Developing Secure Software (Q&A), CNET.
May 12, 2010: Secure Application Development Report Expands Security Framework, eWeek.
May 12, 2010: Measuring Software Security: BSIMM2 and Beyond, eSecurity Planet.
May 12, 2010: Evolving Rapidly, BSIMM2 Offers Key Elements of Successful Software Security Initiatives Shared by 30 Major Corporations, CyBlog: Security, Privacy and Mobility in the Information Age.
May 12, 2010: Product Watch: ‘Measuring Stick’ For Software Security Gets An Update, DarkReading.
May 12, 2010: Gary McGraw on BSIMM2, Software Security and Cargo Cult Science, Threatpost.
May 12, 2010: SAFECode and BSIMM: A Powerful Combination in the Work to Improve Software Security, SAFECode blog.
May 12, 2010: BSIMM2, Fortify Software Security Blog.
March 31, 2010: Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods, DarkReading.
March 31, 2010: Code Writers Finally Get Security? Maybe, CSO Online.
March 26, 2010: The Smart (Electric) Grid and Dumb Cybersecurity, InformIT.
March 18, 2010: How COBIT helps compliance, SearchSecurity.
February 10, 2010: And now we need to be “Rugged”, Building Real Software.
January 28, 2010: BSIMM: A Descriptive Model of Software Security, good code.
January 20, 2010: The Building Security In Maturity Model, CERIAS Security Seminar Podcast.
January 4, 2010: Software Security – An interview with Dr. Gary McGraw, Imperva Security Podcasts.
December 31, 2009: Building Security In Maturity Model, RiskPundit.
November 13, 2009: Best practices in information security, Continuity Central.
November 12, 2009: Fortify Software: New Study Provides Real-World Data on Leading Software Security Initiatives in Europe, TradingMarkets.com.
November 11, 2009: BSIMM Europe, Business Exchange.
November 11, 2009: BSIMM Europe, Minded Security Blog.
November 11, 2009: Real-world data on software security initiatives, Help Net Security.
November 11, 2009: BSIMM Europe, Off by On blog (Fortify).
November 10, 2009: From Biometrics to BSIMM, & “50 Hurricanes Hitting At Once!” — A Report on the Sixth Annual Partners Conference, CyBlog: Security, Privacy and Mobility in the Information Age.
November 06, 2009: Gary McGraw on Software Security, the BSIMM Model and Critical Thinking, Digital Underground podcast.
November 03, 2009: BSIMM Begin web survey, Chenxi Wang’s Blog.
November 2009: Fortify: New Study Provides Real-World Data on Leading Software Security Initiatives in Europe, Global Security Mag.
October 22, 2009: Do The Right Thing, Off by One.
October 13, 2009: BSIMM Survey, 1 Raindrop.
October 09, 2009: Best of Application Security (Friday, Oct. 9), Jeremiah Grossman.
October 08, 2009: Cigital, SANS Institute Roll Out Software Security Self-Measurement With BSIMM, DarkReading.
September 28, 2009: Software security: numbers needed!, Burton Group Blogs: Security and Risk Management.
September 25, 2009: Benchmarking Security – Are We Safe Yet?, John Pescatore (Gartner Blog Network).
September 15, 2009: Information Security Summit 2009 – Overview, Gartner.
June 25, 2009: The Value of Static Analysis Tools, Building Real Software.
May 10, 2009: CyLab Business Risks Forum: Gary McGraw on Online Games, Electronic Voting and Software Security, CyBlog.
April 20, 2009: Secure software? Experts say it’s no longer a pipedream, cnet security news.
April 19, 2009: Brian Chess and Gary McGraw AND-401: Building Security In Maturity Model (BSIMM), RSA Conference 365.
April 16, 2009: Software Security Comes of Age, InformIT.
April 8, 2009: The Rocky Road To More Secure Code, Dark Reading.
April 8, 2009: Building Security In Maturity Model (BSIMM), (ISC)2 Blog
April 7, 2009: New model supports secure software coding, SearchSecurity.com Security Newsmakers.
April 7, 2009: Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM, threatpost Punditry.
April 6, 2009: Building Security In, Maturely, Emergent Chaos.
April 01, 2009: Een maturiteitsmodel voor software security, IT Professional.
March 31, 2009: An Experience-Based Maturity Model for Software Security, CERT Podcast.
March 27, 2009: BSIMM lays out security blueprint, SDTimes.
March 27, 2009: The He Got Game Rule, 1 Raindrop.
March 25, 2009: It B-SIMM-ply Marvelous!, Enterprise Security Blog.
March 19, 2009: BSIMM Defines Best Practices For Software Security, IndicThreads.
March 17, 2009: The Building Security In Maturity Model, Don’t panic!.
March 16, 2009: Web Security Readers Digest, Jeremiah Grossman’s blog.
March 16, 2009: Bezpecnostní strípky: cerv Conficker aktualizuje, Root.cz.
March 13, 2009: Fortify & Cigital Release BSIMM — Integrating Best Practices from Nine Software Security Initiatives, CyBlog.
March 13, 2009: Group Launches New Best Practices For Secure Software Development, Dark Reading (also: Thoughts of a Technocrat).
March 13, 2009: Microsoft on ‘Building Security In Maturity Model’, Ruminations on Architecture and Security.
March 12, 2009: New report offers low-down on secure develoment, Network World.
March 12, 2009: Building Security In Maturity Model, The Security Development Lifecycle (MSDN).
March 11, 2009: Building Security In Maturity Model (BSIMM), good code.
March 11, 2009: Application Security is Journey, Not a Destination, Security Incite.
March 11, 2009: New report offers low-down on secure develoment, Techworld.com.
March 10, 2009: A New Hope for Software Security?, Network World (also: CSO Online).
March 10, 2009: Maturity model offers software security yardstick, Computer Business Review.
March 9, 2009: Building Security In Maturity Model Partly Applies to Detection and Response, TaoSecurity.
March 9, 2009: Secrets of the providers detailed in new report, SC Magazine.
March 9, 2009: BSIMM: The Building Security In Maturity Model, Infowarrior.
March 7, 2009: Application Security: A Tool Cannot Solve What Fundamentally is a Process Problem, Gartner Blogs (Neil MacDonald).
March 6, 2009: Building Security In Maturity Model is online, cgisecurity.com.
March 6, 2009: CAG, BSIMM and field-assessed security, Security Balance.
March 6, 2009: BSI-MM est arrivé!, 1Raindrop.
March 6, 2009: Risks Digest 25.60, RISKS.
March 5, 2009: BSIMM lives, SC-L.
March 5, 2009: BSIMM: Maturing the process of Building Security In., SilverStr’s Blog.
March 5, 2009: BSIMM, Pseudorandom.
March 5, 2009: Benchmarks for developing and growing an enterprise-wide software security program, Help Net Security.
March 5, 2009: Building Security In Maturity Model, Sylvan von Stuppe.
March 5, 2009: Announcing the Building Security In Maturity Model (BSIMM), Cigital blog.
March 4, 2009: New Effort Hopes to Improve Software Security, The Wall Street Journal Blog: Digits
March 4, 2009: Gary McGraw @ OSWAP Belgian Chapter Meeting, /dev/random.
March 4, 2009: BSIMM, Off by On (Fortify blog).
March 4, 2009: The Building Security In Maturity Model (BSIMM), Dr. InfoSec
March 4, 2009: New Effort Hopes to Improve Software Security, All Things Digital.
February 16, 2009: Why top lists don’t work, SearchSecurity.com podcast.
February 9, 2009: Nine Things Everybody Does, Informit