News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 2/1/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Visual Studio 2010 Release Candidate Available Today
A Visual Studio 2010 release candidate is available on MSDN.
02/09/2010 09:45 AM EST

Is Microsoft eyeing Office subscription pricing?
Microsoft may be preparing to offer a new Office pricing option called "union," which charges the same for cloud as on-premises.
02/01/2010 09:38 AM EST

Facebook rewrites PHP runtime
Facebook is about to open source its own PHP runtime, written from scratch for speed.
01/30/2010 08:53 PM EST

2/9/2010 to 2/13/2010
San Francisco
IDG World Expo

SPTechCon 2010

2/10/2010 to 2/12/2010
San Francisco
BZ Media

PyCon 2010 (Python Conf.)

2/17/2010 to 2/25/2010
Atlanta
Python Software Foundation

Southern Calif. Linux Expo

2/19/2010 to 2/20/2010
Los Angeles
SCALE

IBM Pulse

2/21/2010 to 2/24/2010
Las Vegas
IBM

HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS EDITORIALS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON ESDC IPHONEDEVCON PRIVACY POLICY CONTACT US

Printable version

HOME >> LATEST NEWS

Most Read Latest News Blog Resources

Facebook brings HipHop to PHP
HipHop compiles PHP to speed up the Web layer at world's most popular social networking si...

Adobe moves LiveCycle application platform to the cloud
Release gives developers just what they need to create targeted business process-oriented ...

Oracle acquires AmberPoint
Today's merger will probably affect most of AmberPoint's existing partnerships with other ...

Adobe moves LiveCycle application platform to the cloud
Release gives developers just what they need to create targeted business process-oriented ...

Oracle acquires AmberPoint
Today's merger will probably affect most of AmberPoint's existing partnerships with other ...

Syncfusion announces component suite for .NET 4
Essential Studio 2010 has business intelligence, reporting and UI controls, ready for .NET...

Visual Studio 2010 Release Candidate Available Today
A Visual Studio 2010 release candidate is available on MSDN.

Is Microsoft eyeing Office subscription pricing?
Microsoft may be preparing to offer a new Office pricing option called "union," which charges the same for cloud as on-premises.

Facebook rewrites PHP runtime
Facebook is about to open source its own PHP runtime, written from scratch for speed.

The Agile Heartbeat When an organization goes Agile, who’s the most affected? Programmers? Testers? Stakeholde...

Open Source Community Practices in the Enterprise In the enterprise, open source software is recognized for the cost savings it delivers whe...

Enterprise Mashup Platforms for Today’s Increasingly Complex and Real-Time Context Enterprise Mashups offer your company a new way to connect data from inside and outside yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Cigital, Fortify tailor security model for Europe

By Jeff Feinman

November 12, 2009 —

Cigital and Fortify Software have created BSIMM Europe (Building Security In Maturity Model for Europe), an extension of the security benchmark model that the two companies created in March of this year.

Executives of the two companies said that BSIMM Europe, announced today, describes a set of security actions practiced by nine European firms. Those companies include Nokia, asset management company Standard Life, messaging services provider SWIFT, Telecom Italia and Thomson Reuters. The four other companies weren’t named.

“Software security is a worldwide phenomenon,” said Gary McGraw, CTO of Cigital. “Using BSIMM, an organization can determine where its software security initiative stands, figure out how to evolve its initiative strategically, or even get a brand new initiative off the ground. BSIMM is a tool for identifying realistic business goals and implementing those technical software security activities that make the most sense for an organization.”

For the original BSIMM study, representatives from Cigital and Fortify did interviews with and collected data from nine companies, including Adobe, EMC, Google and Microsoft. The model is divided into 12 practices, falling under the categories of governance, intelligence, software security development life-cycle touch points, and deployment. There are 110 BSIMM security actions in total, according to Cigital.

Related Search Term(s): Cigital, Fortify, security

Share this link: http://www.sdtimes.com/link/33905

Cigital releases a set of rules to boost Java security The Java Security Rulepack adds on to Fortify's vulnerability category base. The rules are open source, allowing users to modify them as needed, and include a group of security checks that work with source Code Analyzer 4.5 and up.

BSIMM lays out security blueprint Cigital and Fortify worked together to create the Building Security in Maturity Model, a set of processes that security companies can use when advising clients. The processes were gathered from companies like Adobe, EMC, Google and Microsoft.

Static, dynamic analysis go on-demand Fortify is teaming up with WhiteHat for an SaaS platform that scans websites and applications for security vulnerabilities

Add comment

Name*
Email*
Country

Comment
Preview

Subscribe today and you'll receive 24 free issues of SD Times!

Dear Software Professional,

I’d like to invite you to subscribe to SD Times, the newspaper of the software development industry. The newspaper is free, and it will only take a moment to subscribe!

SD Times covers the fast-paced world of software and application development. The twice-monthly newspaper helps software architects, project leaders, analysts and development managers make the proper decisions about products, methodologies and practices that can affect their development teams and efforts.

Each year, we offer only a limited number of complimentary subscriptions to software development professionals!

It only takes moment to sign up. Don't delay, subscribe today!

Sincerely,

David Lyman
Publisher
SD Times

Close [x]

Cigital, Fortify tailor security model for Europe

By Jeff Feinman

Related Articles

Add comment