McGraw: Use VBSIMM software security model when buying software

Date: Apr 11, 2013

SAN FRANCISCO -- Plenty of enterprises develop software themselves, but just as many buy software from third-party vendors. But how can an organization quickly and accurately vet the security of someone else's software?

Software security pioneer Gary McGraw has the answer. Building on his Building Security In Maturity Model, or BSIMM, which measures secure software development processes, he has created the VBSIMM software security model, which applies the same methodology to security assessments of third-party vendor software.

"If you think of the BSIMM as a measuring stick for software security," said McGraw, "this is kind of like a ruler … and you can hold that up against your vendors."

In this video, McGraw -- Cigital Inc. CTO and co-author of Building Secure Software, the industry's first book on software security -- discusses the genesis of the VBSIMM maturity model and how major corporations like JPMorgan Chase use it to hold software vendors to a higher standard and ensure that expensive enterprise applications don't burden their customers with flawed code.
