[Owasp-boston] Meeting Wed. March 6 - Akamai, 6:30 - BSIMM

Weiler, Jim Jim.Weiler at starwoodhotels.com
Mon Mar 4 21:48:24 UTC 2013


The purpose of the BSIMM is to quantify the activities carried out by
real software security initiatives. BSIMM is a study of the secure
development practices of over 50 organizations, analyzed along the
dimensions that were found in the data, not along preconceived ideas of
what secure development should be.  

BSIMM describes the work of 974 software security group members working
with a satellite of 2039 people to secure the software developed by
218,286 developers.  

The BSIMM describes 111 activities that any organization can put into
practice. The activities are described in twelve practices grouped into
four domains. Associated with each activity is an objective.


Speaker - Nabil Hannan

Director of Vulnerability Assessments and Managing Consultant, Cigital


Presentation - 

What is BSIMM?

BSIMM (pronounced "bee simm") is short for Building Security In Maturity
Model. The BSIMM is a study of real-world software security initiatives
organized so that you can determine where you stand with your software
security initiative and how to evolve your efforts over time.


Why software security?

Software security is about building software to be secure even when it
is under attack. As we have learned from years of network security drama,
protecting software is much easier if the software is built with
security in mind. Furthermore, security is a property and not a thing,
so software security involves much more than simply adding security
features like SSL or passwords to software.


Who needs this stuff?

Organizations that depend on software to work (and that's pretty much
everybody these days) need software that doesn't leak millions of
identity records, call election results into question, gin up huge legal
liabilities, or allow secrets to fall into the wrong hands. The only way
to make software trustworthy is to build security in. In short, everyone
who relies on software needs the BSIMM.



Jim Weiler       CISSP   CSSLP   GSSP - Java

Application Security Architect

Starwood Hotels      1505 Washington St.   Braintree MA. 02184

desk - 781 356 0067

mobile - 781 654 6048


