Comments on: Software Security Model – BSI-MM released http://www.mikeandrews.com/2009/03/12/software-security-model-bsi-mm-released/ Fri, 09 Apr 2010 12:01:55 -0700 http://wordpress.org/?v=2.9.2 hourly 1 By: Security http://www.mikeandrews.com/2009/03/12/software-security-model-bsi-mm-released/comment-page-1/#comment-528 Security Thu, 19 Nov 2009 15:23:25 +0000 http://www.mikeandrews.com/2009/03/12/software-security-model-bsi-mm-released/#comment-528 I am surprised that they were able to get a hold of this info. I am even more surprised by this stat: "1% of the development staff are dedicated to a software security group" 1%? So with a team of 100-150, only 1 person handles all the security? And they wonder they they are breached so often! You need to have at least 5% of the force on security to ensure any kind of good communication and consistency in a security strategy...at least in my experience in working with fairly sensitive materials. I am surprised that they were able to get a hold of this info.

I am even more surprised by this stat:

“1% of the development staff are dedicated to a software security group”

1%? So with a team of 100-150, only 1 person handles all the security? And they wonder they they are breached so often! You need to have at least 5% of the force on security to ensure any kind of good communication and consistency in a security strategy…at least in my experience in working with fairly sensitive materials.

]]>