BSIMM2 – A Very Useful Reference for Software Security Practitioners

On May 12th, Gary McGraw and his teams from Cigital and Fortify Software released version 2 of the Building Security in Maturity Model (BSIMM). It triples the size of the software security practices analyzed by the study to a total of 30. EMC was part of the nine software security practices studied by the original BSIMM and we are delighted to see the study expanded.

The number of participants in BSIMM2 underscores how software assurance has become an integral part of the way large organizations develop software. The sharing of working software assurance controls through initiatives like BSIMM makes it easier for software development organizations of all sizes to implement similar controls. This is the main reason why EMC is a founding member of SAFECode and is also part of the BSIMM Advisory Board.

BSIMM2 gives a good starter kit to building a software security practice along with others such as the SAFECode reports or Microsoft’s Security Development Lifecycle references.

About the Author: Eric Baize

Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices. At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity. Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US. Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager. Follow Eric Baize on Twitter: @ericbaize