The security aspect of DevOps is evolving: new data shows a new wave of engineering-led software security efforts originating bottom-up in the development and operations teams rather than top-down from a centralized software security group (SSG). Software security initiatives (SSIs) have identified a number of individuals (often developers, testers, and architects) who are invested …
Synopsys releases BSIMM8
Electronic design automation company Synopsys has released the latest version of its software security maturity model, BSIMM8, which includes data collected from 109 firms and describes the work of nearly 5,000 software security professionals. Findings of the survey show a clear trend of improvement, with companies seeing an average score increase between …
Enterprises are realizing they need to adjust their security initiatives, and as a result, software security is finally becoming mainstream. But with the rise of new trends like the Internet of Things and containerization, it’s up to security teams to teach developers how to secure their code. Cigital addresses these trends in BSIMM7, the latest version …
After reporting out this month’s feature on software security, it strikes us that there appear to be parallels between companies selling security solutions and those selling pharmaceuticals. Those who take to conspiracy theories have argued for years that the pharmaceutical companies have no incentive to eliminate, say, cancer, because they would lose the massive profits …
The BSIMM project gathers security procedures from 30 companies, and has crafted a list of 15 general security points …