View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
March 6, 2009

Fortify models de facto security standards

Maps real-world cases for enterprise security initiatives

By CBR Staff Writer

Some of the real-world experiences of software security leaders at Microsoft, Google, EMC and Adobe have been captured in a study that is being developed into a set of guidelines to show enterprises how to up their game in their own software security initiatives.

Fortify Software and the security consulting firm of Cigital are behind the scheme, which will be known as the Maturity Model for Software Security.

It has come about after the companies studied the form at nine organisations, all of them household names in financial services, software houses and technology firms. They included Adobe, EMC, Google, Microsoft, Qualcomm, Wells Fargo, and The Depository Trust and Clearing Corporation.

The Maturity Model for Software Security is the first concrete example of what really works for enterprise software security, not just a set of theoretical suggestions, Fortify said. 

In a company blog, chief scientist and founder of Fortify Brian Chess noted that the model is not a standard like Control Objectives for Information and related Technology (COBIT) or the Official Rules of Table Tennis. “Instead BSIMM describes the set of activities practiced by nine of the most successful software security initiatives in the world. In that sense, it is a de facto standard because it’s what organizations actually do. You could say we discovered it rather than dreamed it up.”

Protecting software is much easier if the software is built with security in mind and software security involves much more than simply adding security features like crypto, the company said. 

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

The BSIM model maps a set of benchmarks that detail what security activities actually work and provides a yardstick for measuring and planning the progress of any software security initiative, regardless of vertical industry or organisation size.

More information is to be released on Monday.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.