Cigital recently hosted a second BSIMM Community Conference near Portland, Oregon. The Conference was outstanding, and was a great opportunity for like-minded software security professionals to compare notes. Firms participating in the BSIMM include:
- Adobe
- Aon
- Bank of America
- Capital One
- The Depository Trust & Clearing Corporation (DTCC)
- EMC
- Fannie Mae
- Fidelity
- Intel
- Intuit
- Mashery
- McKesson
- Microsoft
- Nokia
- QUALCOMM
- Sallie Mae
- SAP
- Scripps Networks Interactive
- Sony Ericsson
- Standard Life
- SWIFT
- Symantec
- Telecom Italia
- Thomson Reuters
- Visa
- VMware
- Wells Fargo
- Zynga
The BSIMM project describes and measures the work of 786 SSG members who, together with a satellite of 1750 people, have a direct impact on the work of 185,316 developers. (Download a copy today and get your firm involved in the BSIMM Project.)
The BSIMM is mostly about SSDL activities and governance. However, third-party software plays a major role in all of the BSIMM firms and is an important risk factor that must be managed. In addition to talks from member firms, the BSIMM Community Conference also featured a workshop on third-party software and security.
Sammy, Brian, and I wrote up the results in an informIT article that was posted today.
The interesting aspect of our workshop was that it was made up of approximately 50% software vendors and 50% financial services firms. This made for a very interesting conversation around vendor control.