Wednesday, 27 April 2016

BSIMM Questions for Teams v0.7 (with all consolidated team questions and maybe column)

Following from Updated version of BSIMM Questions for Teams (now with all activities mapped), here is an improved version with:

  • All team questions in one page
  • Added a Maybe column
  • Removed the 'If No, why not?' text from the last column
  • Added spaces to ask for Application name and Jira ID

The source file is available at GitHub

Tuesday, 26 April 2016

Updated version of BSIMM Questions for Teams (now with all activities mapped)

Following from First pass at BSIMM questions for teams, here is an updated version of the questionnaire for developers.

It looks like this and it has 3 sections:


The source file is available at GitHub

Note: this is still a very first early draft of these mappings (with many changes expected in the next couple weeks).

First pass at BSIMM questions for teams

Here (also embedded below) is a mapping of several BSIMM activities, translating them into a questionnaire that can be easily filled in by developers, technical architects, business owners and security champions (called satellites in BSIMM).

Note that not all activities are there. Some only made sense for SSG (Software Security Group) to answer, and I already knew the answer for others.

This is still a work in progress, and I'm not happy with the wording of some of the questions. But it is good enough to give a try and get feedback.

The objective is to create metrics about multiple development teams, so that a set of targets can be set (and an action plan created).

Sunday, 24 April 2016

Started working on new book "Measuring Software Quality using Application Security"

Over the 3 weeks I spent in the US (in an RV with family) I started working on a book based on the ideas shown at the "New Era of Software with modern Application Security" presentation (v1.0).

The current title is "Measuring Software Quality using Application Security" and it is going to be published at LeanPub: https://leanpub.com/Software_Quality

All content is hosted on the public GitHub repo
https://github.com/DinisCruz/Book_Software_Quality/tree/master/content, where you can also see a number of issues I plan to address (including areas for research).

I am currently in the brain dump stage of development, where I'm adding the content I want to talk about (in a kinda-structured way). The idea is to expand the bullet points into text and normalise the content into logical areas (some topics already have a first pass at expanding the ideas into final text).