Synopsys Recognizes BSIMM Contributors at BSIMM Community Awards


The BSIMM Community Awards honor the most impactful projects carried out by BSIMM member organizations throughout the year.

In 2022, being tasked with leading an organization’s software security program can feel a lot like hosting a high-profile Hollywood awards show: one wrong move can end up slapping you in the face, in front of everyone.

It’s a hard job. Despite all the great work these people and their teams do every day to keep their organization’s digital footprint secure, we only seem to hear from them when things go wrong.

That’s why we created the first BSIMM Community Awards, which aim to recognize the most impactful projects carried out by BSIMM member organizations throughout the year.

Whether it’s reducing costs, reducing friction between development and security, or launching a champions program, these are the projects that drive some of the world’s most recognized brands.

Wait, what is the BSIMM?

Created in 2008, the BSIMM, which stands for Building Security In Maturity Model, is a maturity model that observes 125 software security initiatives across four domains (Governance, Intelligence, SSDL Touchpoints, and Deployment) to examine how organizations integrate security into software development to combat a rapidly changing digital threat landscape. Through this data-driven lens, the BSIMM holistically assesses an organization’s software security group and produces a software security scorecard that measures the maturity of its program.

Aside from assessments and dashboards, the BSIMM offers member organizations a private digital community to engage with peers, share ideas, and learn best practices, as well as in-person events to foster meaningful connections and collaboration.

But don’t just take our word for it. Here’s what Bill Jaeger, Executive Director of Lenovo’s Infrastructure Solutions Group Product Security Office, had to say about the BSIMM community:

“Having joined the BSIMM community in 2015, we have found significant value in leveraging insights gained from observations updated annually to help us plan and measure our own security program, and also to gain insight into areas of practices most important to our customers. Additionally, the BSIMM community itself is a fantastic resource, with members generously sharing their experiences and lessons learned. We are all on a similar journey, and companies just starting out in software security can learn a lot from those who started earlier.”

And the BSIMM winners are…

From left to right: Jeremy Ferragamo (FINRA), Ranadheer Errabelly (FINRA), Robert Walker (Zoom Video Communications, Inc.), Brenna Leath (SAS), Raj Kaleru (DTCC), Muthu Balaraman (DTCC), Roman Nersesyan (Haven Technologies).

The inaugural BSIMM Community Awards ceremony took place at this year’s annual BSIMM North America Conference, held October 4-6 in Colorado Springs, Colorado.

To select this year’s winners, a panel of BSIMM evaluators reviewed submissions from BSIMM member organizations and selected five winners whose projects best demonstrated positive business impact through initiative and innovation.

Here are your 2022 BSIMM Community Award winners:

SAS
Recognized for: Product Security Leads Program

SAS’s Product Security Lead (PSL) role has enabled the organization to provide the necessary support and management of its SSDLC across the product portfolio and the enterprise. By integrating security authority pathways with business authority pathways, the PSL program and the Security Champion program have the potential to fully align with the business. Through PSLs, the SAS Product Security team has been able to extend its impact to its 200-person network of security champions and ensure that value is delivered across the SSDLC.

FINRA
Recognized for: Security Awareness Program

FINRA’s awareness program caught our attention because of how it exemplifies the importance of communication and awareness in application security. The company’s outreach program helped it gain vital buy-in for AppSec by crafting a successful messaging strategy that went beyond compliance and risk management arguments.

Zoom Video Communications, Inc.
Recognized for: Engineering Security Champions Program

Zoom’s Security Champions program is a new way to solve what it calls the “cyber talent crisis.” During the Great Resignation, qualified application security professionals were hard to find, and talent was even harder to retain. By turning developers into AppSec experts, Zoom is cultivating its own next generation of cyber talent to better drive the ongoing security transformation.

Haven Technologies
Recognized for: Creating and centralizing a security analysis model

Haven’s approach to scaling security tooling by bundling security knowledge into pre-packaged security models represents the next step in scaling an application security program. With a focus on knowledge capture, Haven enables its developers to build software that is secure by default.

DTCC
Recognized for: Enterprise Application Security Assurance Program

By shifting left and identifying design weaknesses early, DTCC mitigated risk by using the results of those design exercises to drive the adoption of strong security controls and frameworks, and saw tangible results in the form of fewer vulnerabilities reported in subsequent assessments across the board.

BSIMM Trends and Perspectives

Those interested in learning more about these results and the BSIMM program can download the BSIMM13 Trends and Outlook Report or the full-length BSIMM13 Foundations report, which provides in-depth data analysis and explores industry-specific trends.

From everyone here at Synopsys Software Integrity Group, congratulations to this year’s winners!
