Additional Resources
- BSIMM versus SAFECode and Other Kaiju Cinema, InformIT (December 26, 2011)
- Third-Party Software and Security, InformIT (November 30, 2011)
- BSIMM3, InformIT (September 27, 2011)
- Software Security Zombies, InformIT (July 21, 2011)
- vBSIMM (BSIMM for Vendors), InformIT (April 12, 2011)
- Software Security in Practice, IEEE Security & Privacy (March/April 2011)
- Real-World Software Security, Dr. Dobb's (August 6, 2010); see also: InformationWeek
- BSIMM2: Measuring the Emergence of a Software Security Community, InformIT (May 12, 2010)
- What Works in Software Security, InformIT (February 26, 2010)
- Cargo Cult Computer Security, InformIT (January 28, 2010)
- You Really Need a Software Security Group, InformIT (December 21, 2009)
- BSIMM Europe, InformIT (November 10, 2009)
- BSIMM Begin, InformIT (September 24, 2009)
- Measuring Software Security, InformIT (June 18, 2009)
- The Building Security In Maturity Model (BSIMM), Confessions of a Software Security Alchemist, InformIT (March 16, 2009)
- A Software Security Framework: Working Towards a Realistic Maturity Model, InformIT (October 15, 2008)
BSIMM3 Activities
All BSIMM3 activities are included here in spreadsheet format for ease of use.
Building Security In Maturity Model presentation - May 2010
This is the standard slide deck we use for BSIMM presentations. To date, this talk has been delivered at OWASP Belgium, DHS Software Assurance meeting, FS-ISAC, FSTC, RSA, ROOTS, OWASP NoVA, DDR&E/IARPA, Metricon, USENIX Security, the FFIEC, Purdue’s CERIAS center, the CyLab corporate partners meeting, the UNCC 10th Cyber Security Conference, OWASP Brazil, SE OOP Munich, RSA, and SecAppDev. More to come.
Supply Chain Working Group (toolkit)
The supply chain working group convened by FSSCC/FBIIC (government financial collaboration organizations put together by Treasury, OCC, FDIC...) leveraged BSIMM activities.
Sales Slide Deck
This slide deck was developed for use when convincing a firm to join the BSIMM Community.