SAN FRANCISCO -- The man who wrote the book on software security best practices said that while it was once difficult to measure an organization's secure software development capabilities, the invention of the Building Security in Maturity Model, or BSIMM, has created an effective "measuring stick for software security."
Gary McGraw, Cigital Inc. CTO and co-author of Building Secure Software, the industry's first book on software security, said BSIMM now makes it trivial for an organization to determine whether its developers have the right training, tools and processes in place.
"The BSIMM knows all that," McGraw said, "and it's a beautiful way to measure software security."
In this interview, conducted at RSA Conference 2013, McGraw discussed the creation and subsequent evolution of BSIMM, which now measures more than 100 distinct software security activities observed in real organizations, as well as why some organizations continue to ignore software security, and how major software vendors such as Microsoft and Adobe are addressing the obstacles to secure software development.