Software security in theory and practice - BSIMM and more

Hosted by Asbjørn T. and 5 others

Details

Nick Murison will give a talk on the Building Security In Maturity Model (BSIMM) for secure software development.

Abstract: The Building Security In Maturity Model (BSIMM) (http://bsimm.com/) is a unique tool built from an observation-based approach to capturing the collective activities of diverse software security initiatives. We initiated data gathering and analysis in 2008 with nine firms. There are now over 100 participant organisations in BSIMM, and we have measured many of these organisations more than once. Though secure software initiatives differ, all share common ground. BSIMM captures and describes this common ground. It therefore functions as a universal yardstick, capable of measuring any software security initiative and facilitating strategic planning for ongoing software security improvement. This talk will provide an introduction to the model, how you can apply it to your organisation, and what benefits you can achieve in measuring your initiative. It will also provide a sneak preview of BSIMM8, the latest version of the model.

About the speaker: Nick Murison is a Managing Consultant in Synopsys’ Software Integrity Group, and the European lead for BSIMM. His primary responsibility is the successful delivery of software security services to Synopsys’ clients across multiple industry verticals in Northern Europe. Nick holds an MSc in Information Security from Royal Holloway, University of London.

In addition, we've scheduled two shorter talks.

Jøran Lillesand will give a short presentation on practical experiences with running a software security programme, based on ongoing work at Digipost (https://www.digipost.no/sikkerhet). This talk will be held in Norwegian.

Patricia Aas will give a short presentation on her recent experiences with the security of the Norwegian election system (http://www.vg.no/nyheter/meninger/stortingsvalget-2017/kampanjen-funket/a/24136153/).

OWASP Oslo Chapter
mnemonic AS
Wergelandsveien 25 · Oslo