Free Submission Public Relations & NewsPR-inside.com
Home
Deutsch English

Business

DTCC’s Software Security Program and Leadership Recognized as World-Class


Print article Print article
© Business Wire 2009
2009-03-18 16:50:02 -

The Depository Trust & Clearing Corporation’s (DTCC) software security program has been recognized as a world-class leader, providing several key elements of the first software security “yardstick,” according to an independent assessment from Fortify Software, the market leader in software security assurance solutions, and Cigital, the largest consulting firm specializing in software security.

In their benchmarking report released last week, “Building Security In Maturity Model (BSIMM),” Cigital and Fortify Software created the first-ever scientific observation of common domains and activities for developing an enterprise-wide software security initiative. Based on interviews with technology leaders such as DTCC, Adobe, EMC, Google and Microsoft, among others, the BSIMM report provides real-world insight into how organizations successfully build security into software and mitigate the business

risk associated with insecure applications.

DTCC’s four-year old software security program, recognized by the authors of the study as one of the most advanced in the world, applies rigorous strategy and measurements, training, standards and requirements for security testing and code review.

“The industry puts its trust in DTCC to clear and settle more than $1.88 quadrillion in securities transactions, and the stability of the financial system depends on our ability to deliver,” said William B.

Aimetti, DTCC’s president and chief operating officer. “For us, software security is not a ‘nice to have,’ but an absolute business imperative that our customers demand. With the sheer volumes and values of transactions we process and the central role we play in the financial services industry, customers need the assurance and confidence that the technology products we offer are, above all, rock-solid and secure.”

This is not the first recognition of DTCC’s best-practices in IT. Last fall, DTCC was appraised at a Capability Maturity Model® Integration (CMMI®) Level 3, the only U.S. financial services organization to have achieved this rating across its entire enterprise. CMMI, an internationally-recognized assessment from the Software Engineering Institute (SEI) of Carnegie Mellon University, is a measure of excellence in improving organizational processes. In combination with DTCC’s software security program, CMMI Level 3 provides a highly disciplined approach to embed and enforce software security controls, whether it is custom code written by DTCC developers, or software purchased “off the shelf” and adapted for use.

“As one example of how we’ve incorporated CMMI Level 3 into software security, we now ‘front-end load’ by rigorously checking for vulnerabilities early in the code development lifecycle, rather than rely on penetration testing at the end and fixing defects after code is in production,” said James Routh, DTCC’s chief information security officer. “This has significant economic benefit in terms of productivity saved — and risk mitigation for customers.”

“We were pleased to share our experience, insights and best-practices with the thought leaders at Cigital and Fortify Software,” Aimetti continued. “Their recognition of our software security program is a testament to the hard work and talent of our team of IT professionals.”

The BSIMM report from Fortify Software and Cigital is available under creative commons license here: cts.businesswire.com/ct/CT?id=smartlink&url=http%3A%2F%2Fbsi .. .


About DTCC

The Depository Trust & Clearing Corporation (DTCC), through its subsidiaries, provides clearance, settlement and information services for equities, corporate and municipal bonds, government and mortgage-backed securities, money market instruments and over-the-counter derivatives. In addition, DTCC is a leading processor of mutual funds and insurance transactions, linking funds and carriers with financial firms and third parties who market these products. DTCC's depository provides custody and asset servicing for more than 3.5 million securities issues from the United States and 117 other countries and territories, valued at $27.6 trillion. Last year, DTCC settled more than $1.88 quadrillion in securities transactions. DTCC has operating facilities in multiple locations in the United States and overseas.



The Depository Trust & Clearing CorporationCrystal Bueno,

212-855-5473 mailto:clevy-bueno@dtcc.com


Author:
Hossam Abdel-Kader
e-mail
Web: www.pr-inside.com/
Phone: +43 1 9582319
Disclaimer: (c) 2012 Business Wire. All of the news releases contained herein are protected by copyright and other applicable laws, treaties and conventions. Information contained in the releases is furnished by Business Wire's members, who warrant that they are solely responsible for the content, accuracy and originality of the information contained therein. All reproduction, other than for an individual user's personal reference, is prohibited without prior written permission.
Latest News
Read the Latest News
www.newsenvoy.com

 
Terms & Conditions | Privacy | About us | Contact PR-inside.com | BidVertiser