HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS EDITORIALS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON ESDC IPHONEDEVCON PRIVACY POLICY CONTACT US

Printable version

HOME >> LATEST NEWS

Most Read Latest News Blog Resources

Does Windows cost Microsoft opportunities?
Microsoft's decision to focus .NET on Windows is stifling innovation due to the specter of...

Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

OSBC focus turns to best practices for open-source adoption
Businesses are no longer asking why they should adopt, but how do they use open source leg...

Maven Studio for Eclipse gets developers up to speed
Sonatype tool simplifies onboarding by giving developers a way to easily deploy fully conf...

nVidia updates CUDA tools
Latest version helps developers turn desktops and servers with high-end GPUs into more pow...

Scrum Planning Board adds automation to Axosoft OnTime
Illustrations are also included to assist Scrum-using developers a better view of what the...

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.

Overcoming Development Challenges with Open Source Open source software can help you with your application development challenges. It doesn’t...

Accelerate Services and the Cloud Business units, functional groups, and different divisions of companies across industries...

Enterprise Mashup Platforms for Today’s Increasingly Complex and Real-Time Context Enterprise Mashups offer your company a new way to connect data from inside and outside yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Cigital, Fortify tailor security model for Europe

By Jeff Feinman

November 12, 2009 —

Cigital and Fortify Software have created BSIMM Europe (Building Security In Maturity Model for Europe), an extension of the security benchmark model that the two companies created in March of this year.

Executives of the two companies said that BSIMM Europe, announced today, describes a set of security actions practiced by nine European firms. Those companies include Nokia, asset management company Standard Life, messaging services provider SWIFT, Telecom Italia and Thomson Reuters. The four other companies weren’t named.

“Software security is a worldwide phenomenon,” said Gary McGraw, CTO of Cigital. “Using BSIMM, an organization can determine where its software security initiative stands, figure out how to evolve its initiative strategically, or even get a brand new initiative off the ground. BSIMM is a tool for identifying realistic business goals and implementing those technical software security activities that make the most sense for an organization.”

For the original BSIMM study, representatives from Cigital and Fortify did interviews with and collected data from nine companies, including Adobe, EMC, Google and Microsoft. The model is divided into 12 practices, falling under the categories of governance, intelligence, software security development life-cycle touch points, and deployment. There are 110 BSIMM security actions in total, according to Cigital.

Related Search Term(s): Cigital, Fortify, security

Share this link: http://www.sdtimes.com/link/33905

Cigital releases a set of rules to boost Java security The Java Security Rulepack adds on to Fortify's vulnerability category base. The rules are open source, allowing users to modify them as needed, and include a group of security checks that work with source Code Analyzer 4.5 and up.

Fortify, HP give hybrid view of app security By correlating results of dynamic testing and static code analysis, Hybrid 2.0 offers improved vulnerability resolution

BSIMM lays out security blueprint Cigital and Fortify worked together to create the Building Security in Maturity Model, a set of processes that security companies can use when advising clients. The processes were gathered from companies like Adobe, EMC, Google and Microsoft.

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST

3/22/2010 to 3/25/2010
Santa Clara, Calif.
The Eclipse Foundation

DevConnections

4/12/2010 to 4/14/2010
Las Vegas
Penton Media

MySQL Conf. and Expo

4/12/2010 to 4/15/2010
Santa Clara, Calif.
O'Reilly Media

High Performance Computing Linux Financial Markets

4/19/2010
New York City
Flagg Management

Informix User Conf.

4/25/2010 to 4/28/2010
Overland Park, Kans.
IIUG

Please hold here to Drag the window

Close [x]

Subscribe today and you'll receive 24 free issues of SD Times!

Dear Software Professional,

I’d like to invite you to subscribe to SD Times, the newspaper of the software development industry. The newspaper is free, and it will only take a moment to subscribe!

SD Times covers the fast-paced world of software and application development. The twice-monthly newspaper helps software architects, project leaders, analysts and development managers make the proper decisions about products, methodologies and practices that can affect their development teams and efforts.

Each year, we offer only a limited number of complimentary subscriptions to software development professionals!

It only takes moment to sign up. Don't delay, subscribe today!

Sincerely,

David Lyman
Publisher
SD Times

Cigital, Fortify tailor security model for Europe

By Jeff Feinman

Related Articles

Add comment