Tuesday, March 10, 2009

Blog: Application Security Best Practices: A New Maturity Model for Building Security In

SANS NewsBites Vol. 11 Num. 20 (3/13/2009)

Application Security Best Practices: A New Maturity Model for Building Security In

(March 9 & 10, 2009)

The Building Security in Maturity Model (BSIMM) is "a set of best practices developed by Cigital and Fortify" that draws together data from nine software security initiatives to help software developers build more secure products. The model "breaks down" the best practices into 12 areas, including strategy and metrics, security features and design, and configuration and vulnerability management.

http://www.csoonline.com/article/print/483716

http://www.scmagazineuk.com/Secrets-of-the-providers-detailed-in-new-report/article/128448/

http://blogs.wsj.com/digits/2009/03/04/new-effort-hopes-to-improve-software-security/

http://bsi-mm.com/

[Editor's Note (Pescatore): Good stuff, but the real value is in the listed best practices and being able to see which are common practice and which are best practice, vs. the idea of maturity levels.

(Paller): John Pescatore is exactly right (as usual). The value here is in the common, best practices that can instruct other organizations that want to learn from these leaders. We talked at length with two of the biggest participants to better understand what they have learned about security education for programmers. They explained that security awareness training was not helpful at all unless it was complemented by actual secure coding training, often including the use of libraries that make secure coding easy.]
