The BSIMM-V project provides insight into 67 of the most successful software security initiatives in the world and describes how these initiatives evolve, change, and improve over time. The multi-year study is based on in-depth measurement of leading enterprises including Adobe, Aetna, Bank of America, Box, Capital One, Comerica Bank, EMC, Epsilon, F-Secure, Fannie Mae, Fidelity, Goldman Sachs, HSBC, Intel, Intuit, JPMorgan Chase & Co., Lender Processing Services Inc., Marks and Spencer, Mashery, McAfee, McKesson, Microsoft, NetSuite, Neustar, Nokia, Nokia Siemens Networks, PayPal, Pearson Learning Technologies, QUALCOMM, Rackspace, Salesforce, Sallie Mae, SAP, Sony Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, TomTom, Vanguard, Visa, VMware, Wells Fargo, and Zynga.
Prof. Spafford participated as a panelist at the Privacy & Civil Liberties Oversight Board hearing. The topic was potential reform of the laws that govern NSA domestic surveillance.
Eugene Spafford, one of the first to analyze the Morris Worm, says we haven’t learned from it or other major security breaches since.
The one action that may make the most difference in how federal agencies secure their computer networks involves no new whiz-bang technology. It has no up-front real-dollar costs either.
He was one of the first computer scientists to dissect the game-changing worm that hit the Internet 25 years ago and took down thousands of computers. He’s also credited with defining software forensics and shaping other security technologies. But Eugene “Spaf” Spafford says security still isn’t taken seriously enough today.