Gary McGraw on evolution of BSIMM maturity framework

SAN FRANCISCO -- The man who wrote the book on software security best practices said that while it was once difficult to measure an organization's secure software development capabilities, the invention of the Building Security in Maturity Model, or BSIMM, has created an effective "measuring stick for software security."

Gary McGraw, Cigital Inc. CTO and co-author of Building Secure Software, the industry's first book on software security, said BSIMM now makes it trivial for an organization to determine whether its developers have the right training, tools and processes in place.

"The BSIMM knows all that," McGraw said, "and it's a beautiful way to measure software security."

In this interview, conducted at RSA Conference 2013, McGraw discussed the creation and subsequent evolution of BSIMM, which now measures more than 100 distinct software security activities across participating organizations, as well as why some organizations continue to ignore software security, and how major software vendors like Microsoft and Adobe are addressing the obstacles to secure software development.
