Wednesday, 11 November 2009

BSIMM Europe

« Cross-Origin Resource Sharing | Main | Irrational: Why the Snake Oil Flows »

BSIMM made it across the Atlantic! Over the last few months, I've traveled with Gary McGraw, Brian Chess, Florence Mottay, and Dave Harper through Europe to companies like Nokia, SWIFT, Standard Life, Telecom Italia, and Thomson Reuters to expand the original BSIMM study with data from Europe. While we were expecting that European companies are tackling software security completely different, we were surprised to find out that the studied European companies are doing software security not terribly different from the original nine US companies in the BSIMM study. European companies tend to focus more on Compliance and Policy, Penetration Testing, and Software Environment while Training and Security Testing and assurance activities (like Code Review) seem to be behind. Our full analysis is here

Posted by mmadou at 9:06 AM in Fortify

Responses (0)

[Trackback URL for this entry]

Your comment:

Author (*):

E-mail:

URL:

Comment (*):

Remember me?

SCode: (*)

Generate another code
SCode

Please enter the code as seen in the image above to post your comment.

Live Comment Preview:

« November »
Sun	Mon	Tue	Wed	Thu	Fri	Sat
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Subscribe

Feedburner (RSS)

Local (RSS)

Local (RSS v2.0)

Local (Atom)
Recent Posts
- Back to All Posts
Categories
About

Fortify Software
Fortify Resources

Software Security Resources

Products and Services
Recommended Blogs
- Justice League
- Schneier on Security
- SecurityFix
- CERIAS
- Security Curve
- 1 Raindrop
- Michael Howard's Weblog
- Computer Security
- A Passion for .NET Security
- Emergent Chaos
Meet the Bloggers
- Brian Chess
- Jacob West
- Roger Thornton
- Yekaterina Tsipenyuk
- Fredrick Lee
- Matias Madou
- Eddie Lee
- Joy Forsythe
- Jonathan Carter
Recommended Books
- Secure Programming with Static Analysis
  by Brian Chess and Jacob West
- Security Metrics: Replacing Fear, Uncertainty, and Doubt
  by Andrew Janquith
- Building Secure Software: How to Avoid Security Problems the Right Way
  by John Viega and Gary McGraw
- IEEE Security & Privacy Magazine
- How to Break Software Security
  by J. Whittaker and H. Thompson
- Security Engineering
  by Ross Andersen
- Software Security: Building Security In
  by Gary McGraw
- The Security Development Lifecycle
  by Michael Howard and Steve Lipner
- The Shellcoder's Handbook: Discovering and Exploiting Security Holes
  by Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan "noir" Eren, Neel Mehta, Riley Hassell
- Writing Secure Code, 2nd ed.
  by M. Howard and D. LeBlanc

Off by On

A Software Security Blog

Wednesday, 11 November 2009

BSIMM Europe

Your comment:

Live Comment Preview:

Subscribe

Recent Posts

Categories

About

Fortify Resources

Recommended Blogs

Meet the Bloggers

Recommended Books