In mid-November, I attended the BSIMM Community Conference 2013 in Chantilly, VA. The community represents 67 firms, and there were about 100 people in attendance.
The Building Security In Maturity Model (BSIMM) is the result of a multi-year study of real-world software security initiatives. The BSIMM helps to measure, compare and contrast software security data. The model also describes how mature software security initiatives evolve, change and improve over time. Adobe was one of the nine original participants in the first version of BSIMM and has participated in subsequent BSIMM surveys.
This year the conference provided two tracks, giving each presentation a smaller audience and more room for discussion. Topics included Static Analysis, Software Security Meets Agile, Mobile Security, Software Security Metrics for Efficiency and Effectiveness, Architecture Analysis, Insider Threats, and Third Party Software and Security.
To sum it up, I appreciated the opportunity to connect, network and discuss comparative security initiatives, current events, and best practices with those in attendance. Thanks to BSIMM organizers for putting on a great event.
Product Security Group Program Manager
Last week, ASSET team members Jim Hong, Josh Kebbel-Wyen and I attended the BSIMM Community Conference 2012, which took place in Galloway, NJ. This year, despite Hurricane Sandy, the conference had about 90 attendees representing 30 organizations.
The Building Security In Maturity Model (BSIMM) is a data-driven descriptive model of existing security initiatives across various companies. Adobe was one of the nine original participants in measurements for the first version of BSIMM and has participated in subsequent BSIMM surveys.
This year, participants such as Intel, Symantec and JP Morgan Chase held talks during the conference, covering topics such as strategy, architecture analysis, training and penetration testing, with each talk describing how the speaker's organization had customized the best practice for its particular environment.
In addition to the talks, there were three parallel workshops on Security Fraud, Third Party Security Controls and Agile Methods in SSDLs. These workshops provided discussion on the nuances of security and how each organization deals with the challenges associated with them.
The talks and workshops were informative, but of equal or maybe even greater value was the opportunity to network and compare notes on security initiatives and best practices with peers from across the participating organizations. The benefit from this kind of interaction is immense.
Senior Manager Secure Software Engineering