Real-world data on software security initiatives
Cigital and Fortify Software released the Building Security In Maturity Model for Europe or “BSIMM Europe,” an application of the industry’s first-ever set of benchmarks for developing and growing an enterprise-wide software security program to the European market.
BSIMM Europe illuminates the software security practices of some of the most advanced organizations in Europe, including Nokia, SWIFT, Standard Life, Telecom Italia, and Thomson Reuters, and four companies that chose to remain anonymous.
Released in March 2009, the original BSIMM study was based on in-depth interviews with leading enterprises including Adobe, EMC, Google, Microsoft, QUALCOMM, Wells Fargo, and Depository Trust & Clearing Corporation (DTCC). BSIMM Europe describes a set of activities practiced by nine European firms chosen from among the 56 most successful software security initiatives in the world. Unlike some industry standards, BSIMM is a structured set of practices based on real-world data rather than philosophy and ideas. BSIMM provides insight on what successful organizations actually do to build security into their software and mitigate the business risk associated with insecure applications.
“Nokia’s participation in the BSIMM Europe project reflects a mutual, ongoing interest in setting, updating, and maintaining the highest standards in software security,” said Janne Uusilehto, Head of Product Security, Nokia. “The insights gained from the BSIMM project will doubtlessly further the definition of standards, which will not only serve as critical tools for measuring and comparing, but will also for enable the evolution of software security initiatives.”