BSIMM 3: What’s new? What’s next?

An updated version (version 3) of the Building Security In Maturity Model was released this week by Cigital.

BSIMM started in 2008, as an inventory and classification of the software security practices used by practitioners across multiple industries. The updated version includes measurement from 42 firms, including 11 that have been measured twice. As a result, the inventory of software security activities has increased to 109, demonstrating that software security is an evolving field and that there is not one single way to skin the software security cat.

EMC was one of the nine firms measured by Cigital as part of the original BSIMM study and we are one the 11 firms in BSIMM 3 that have been measured twice. For us, sharing our software security practices with the industry is part of our industry outreach strategy that led us to become a co-founder of SAFECode in 2007. Enabling IT providers to improve their software security practices is an acknowledgement that the security of our customers’ products and solutions is more than the security of a single vendor’s products.

About the Author: Eric Baize

Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices. At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity. Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US. Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager. Follow Eric Baize on Twitter: @ericbaize