
Fortify, Cigital release software security program benchmarks in US

  • 7 March 2009

MARKET leader in Software Security Assurance solutions Fortify Software has teamed up with software security consulting firm Cigital to announce the launch of the Building Security In Maturity Model (BSIMM), the industry's first ever set of benchmarks for developing and growing an enterprise-wide software security program.

Based on researching leading enterprises such as Adobe, EMC, Google, Microsoft, QUALCOMM, Wells Fargo, and Depository Trust & Clearing Corporation (DTCC), the BSIMM pulls together a set of activities practiced by nine of the 25 most successful software security initiatives in the world.

Unlike some industry standards, BSIMM is a structured set of practices based on real-world data rather than philosophy and ideas.

BSIMM provides insight on what successful organizations actually do to build security into their software and mitigate the business risk associated with insecure applications.

Steve Lipner of Microsoft said BSIMM provides a public 'yardstick' for measuring the progress of any organisation's own software assurance program. He adds that software security has turned the corner from a good idea to a business necessity, and the industry has finally reached a point where enough real experience has been accumulated to compare notes and talk about what works.

Dr. Gary McGraw, CTO of Cigital and author of Software Security, said using BSIMM, an organisation can determine where its software security initiative stands, figure out how to evolve its initiative strategically, or even get a brand new initiative off the ground.

He adds that BSIMM is a tool for identifying realistic business goals and implementing those technical software security activities that make the most sense for an organisation.

Over the next several months, Cigital and Fortify will gather data from other leading software security initiatives to enhance the study and provide additional insight on trends and activities particular to certain vertical industries and company sizes, among other factors.

The BSIMM is available under a Creative Commons licence here: http://bsi-mm.com.
