Fortify, Cigital Offer Security Benchmarks

LONDON -- Fortify Software, the market leader in Software Security Assurance solutions, and Cigital, the largest consulting firm specializing in software security, announced today the release of the Building Security In Maturity Model (BSIMM),” the industry’s first-ever set of benchmarks for developing and growing an enterprise-wide software security program.

Based on in-depth interviews with leading enterprises such as Adobe, EMC, Google, Microsoft, QUALCOMM, Wells Fargo, and Depository Trust & Clearing Corporation (DTCC), the BSIMM pulls together a set of activities practiced by nine of the 25 most successful software security initiatives in the world. Unlike some industry standards, BSIMM is a structured set of practices based on real-world data rather than philosophy and ideas. BSIMM provides insight on what successful organizations actually do to build security into their software and mitigate the business risk associated with insecure applications.

“Microsoft’s Security Development Lifecycle (SDL) was one of the first real enterprise software security methodologies, and we are always eager to share our ideas and best practices with the industry,” said Steve Lipner of Microsoft. “BSIMM provides a public ‘yardstick’ for measuring the progress of any organization’s own software assurance program.”

Fortify Software Inc.