B1. Measuring Software Security Programs using BSIMM
Wednesday, May 9, 2018
11:15 AM - 12:15 PM
The Building Security-In Maturity Model (BSIMM) is a continuously evolving framework for measuring security activity within software and product development life-cycles. This session will cover the framework in detail, including its evolution and the most interesting data from the most recent version of the BSIMM report (BSIMM8).
After completing this session, learners will:
- Understand how BSIMM measures software security programs
- Differentiate BSIMM from other maturity models (CMMI, OpenSAMM)
- Interpret the public BSIMM dataset published from BSIMMv8
Kevin Nassery is a Managing Principal at Synopsys. With over 20 years of experience building and breaking information systems, he specializes in software security program design, infrastructure security, security architecture, denial of service issues, and penetration testing. Kevin holds a Master's from DePaul University where his focus was on network protocol design and security.