Wednesday, 11 November 2009
BSIMM Europe
BSIMM made it across the Atlantic! Over the last few months, I've traveled with Gary McGraw, Brian Chess, Florence Mottay, and Dave Harper through Europe to companies like Nokia, SWIFT, Standard Life, Telecom Italia, and Thomson Reuters to expand the original BSIMM study with data from Europe. We had expected European companies to tackle software security completely differently, so we were surprised to find that the studied European companies are doing software security not terribly differently from the original nine US companies in the BSIMM study. European companies tend to focus more on Compliance and Policy, Penetration Testing, and Software Environment, while Training and Security Testing and assurance activities (like Code Review) seem to be behind. Our full analysis is here.
Posted by at 9:06 AM in Fortify

Hi Matias,
It was a great pleasure working on BSIMM Europe with you and the BSIMM team. A couple of pointers for the interested.
Here is the informIT article about the BSIMM Europe results as contrasted with the original BSIMM:
http://www.informit.com/articles/article.aspx?p=1405841
Now that we have BSIMM Europe results (actually, the size of the study has tripled to 27 companies with a couple more underway), we published BSIMM v1.5 with a new Appendix. Everything is released under the Creative Commons license. On the download site are two new translations into German and Italian.
http://www.bsi-mm.com/europe/
gem