Cigital, Inc.: BSIMM-V Release Expands Premier Measurement Tool for Software Security
(Thomson Reuters ONE) -
Cigital and HP Collaborate to Study Software Security Practices of Nearly 70
Organizations and More Than 270,000 Software Developers
AMSTERDAM, THE NETHERLANDS--(Marketwired - Oct 30, 2013) - Cigital, Inc. today
announced the fifth major release of the Building Security In Maturity Model
(BSIMM), the industry's first and only software security measurement tool built
on real-world data. Built in collaboration with HP, BSIMM-V helps organizations
understand, measure, and plan their software security initiatives. Originally
launched in 2008, the BSIMM data set has grown over 75 percent since the fourth
release in 2012, and now describes the software security initiatives of 67
organizations, up from 51. Unlike software security methodologies based on unproven
theories and hunches, BSIMM-V is built on data directly observed in the
field. BSIMM-V encompasses eighteen times the measurement data of the original
study and reports on one new activity, bringing the total activity count to 112.
The multi-year software security study is based on in-depth measurement of
leading enterprises in a number of verticals including: Adobe, Aetna, Bank of
America, Box, Capital One, Comerica Bank, EMC, Epsilon, F-Secure, Fannie Mae,
Fidelity, Goldman Sachs, HSBC, Intel, Intuit, JPMorgan Chase & Co., Lender
Processing Services Inc., Marks and Spencer, Mashery, McAfee, McKesson,
Microsoft, NetSuite, Neustar, Nokia, Nokia Siemens Networks, PayPal, Pearson
Learning Technologies, QUALCOMM, Rackspace, Salesforce, Sallie Mae, SAP, Sony
Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, TomTom,
Vanguard, Visa, VMware, Wells Fargo, and Zynga.
"The BSIMM Project started as a simple data driven science project and has
evolved into the world's premier measurement tool for software security," said
Dr. Gary McGraw, CTO of Cigital and author of Software Security. "With BSIMM-V,
we have significantly expanded the data set again and are now confident that we
can measure any firm worldwide with the same measuring stick. If you wonder how
your firm's software security practices stack up, we can tell you."
Using the BSIMM measurement tool, Dr. Gary McGraw, CTO at Cigital; Jacob West,
CTO, Enterprise Security Products at HP; and Sammy Migues, Principal at Cigital,
conducted a series of in-person interviews with executives in charge of their
organization's software security initiatives to collect data for BSIMM-V. For
the second time in the history of the BSIMM project, a new activity was observed
in addition to the original 111, resulting in the addition of one new activity
to the model going forward: operate a bug bounty program. All data described by
the model are captured through direct observation by Cigital and HP Fortify.
"Adversaries are collaborating and focusing their attacks overwhelmingly on the
software layer," said Jacob West, chief technology officer, Enterprise Security
Products, HP. "To combat this market-based adversary, organizations must take a
more scientific approach to software security, leveraging BSIMM-V to measure
their own maturity and collaborating with peers to create more secure software
industry-wide."
Additional highlights from BSIMM-V:
* The BSIMM-V data set encompasses 161 distinct measurements (some firms
measured multiple times, some firms with multiple divisions measured
separately and rolled into one firm score).
* BSIMM-V shows that leading firms on average employ one full-time software
security specialist for every 71 developers.
* BSIMM-V describes the work of 975 software security professionals working
with a development-based satellite of 1,953 people to secure the software
developed by 272,358 developers.
The sixty-seven firms participating in the BSIMM project make up the BSIMM
Community which hosts a private mailing list and an annual conference where
representatives gather together in an off-the-record forum to discuss day-to-day
administration of software security initiatives. The BSIMM Europe Community will
be hosting the official BSIMM-V Launch in Amsterdam on October 30, 2013. This
year's BSIMM Community Conference will be hosted near Washington, D.C. November
12 - 14, 2013.
"The BSIMM is an instrumental tool to determine the maturity and effectiveness
of an organization's software security activities and we use it to measure the
progress in improving software security year over year," said Jim Routh, Chief
Information Security Officer of Aetna and founding board member of BSIMM, who
has personally led five software security initiatives in five different firms.
For more information and to access the BSIMM-V study, which is distributed free
of charge under a Creative Commons license, please visit: http://bsimm.com/.
About BSIMM
The Building Security in Maturity Model (BSIMM) is a critical tool for measuring
and evaluating how well real firms build secure software. A data-driven model
and measurement tool developed through the careful study and analysis of
software security initiatives, BSIMM includes real-world data from nearly 70
organizations with active software security initiatives. The model includes a
framework based on successful software security practices, and can help an
organization objectively assess its own security investments, both present
and future. For more information, please visit http://bsimm.com/.
About Cigital
Cigital, Inc. is the world's leading software security services and solutions
company. Cigital helps public and private organizations launch and mature
software security initiatives, as well as design, build, test, and maintain
secure software through a combination of expert consultants, innovative
technologies, and effective training built on over twenty years of cutting-edge
research and successful client engagements. Cigital is headquartered outside
Washington, D.C. with regional offices throughout North America, Europe, and
Southeast Asia. For more information visit: http://www.cigital.com.
Media Contacts
North America, Latin America, and Asia:
Katherine Bragg
SHIFT Communications
+1.617.779.1885
Cigital(at)shiftcomm.com
Europe, Middle East, and Africa:
Louise Potter
eclat Marketing
+44.1276.486000
Cigital(at)eclat.co.uk
This announcement is distributed by Thomson Reuters on behalf of
Thomson Reuters clients. The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and
other applicable laws; and
(ii) they are solely responsible for the content, accuracy and
originality of the information contained therein.
Source: Cigital, Inc. via Thomson Reuters ONE





