The Right Tool For The Right Job (SAFECode And BSIMM)

Date

13.11.11

After listening to a number of talks at different conferences around the world, IΓÇÖm convinced that even experts are confused about the various security initiatives, particularly SAFECode and BSIMM. As a consequence, organizations are confusing prevalent practices with effective ones. Some of the results of this misunderstanding are organizations trying to choose the most popular BSIMM practices and use them as criteria for suppliers or adopting BSIMM as a Secure Development Lifecycle framework.

This week SAFECode released ΓÇ£A SAFECode Perspective on Leveraging Descriptive Software Security InitiativesΓÇ£. This brief paper addresses common questions on the differences between BSIMMΓÇÖs descriptive model and SAFECodeΓÇÖs prescriptive guidance. If you are responsible for a large software security initiative, I highly recommend reading this paper.

Date

More
articles

SINET Silicon Valley

The Evolving Role of the CISO: Ventures, Leadership, and Societal Contributions

Bringing Transparency to Cybersecurity: Practitioner Stories

Date

More articles

SINET Silicon Valley

The Evolving Role of the CISO: Ventures, Leadership, and Societal Contributions

Bringing Transparency to Cybersecurity: Practitioner Stories

More
articles