BSIMM4 (Building Security in Maturity Model) Available


This summer I had the pleasure to participate as an author in the development of the fourth release of the Building Security in Maturity Model (BSIMM). The BSIMM4 project provides insight into fifty-one of the most successful software security initiatives in the world and describes how these initiatives evolve, change, and improve over time. In particular, the project tracks 111 activities across twelve practices:


1. Strategy and metrics

2. Compliance and policy

3. Training

4. Attack models

5. Security features and design

6. Standards and requirements

7. Architecture analysis

8. Code review

9. Security testing

10. Penetration testing

11. Software environment

12. Configuration and vulnerability management


The multi-year study is based on in-depth measurement of leading enterprises including Adobe, Aon, Bank of America, Box, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, F-Secure, Fannie Mae, Fidelity, Google, Intel, Intuit, JPMorgan Chase & Co., Mashery, McKesson, Microsoft, Nokia, Nokia Siemens Networks, QUALCOMM, Rackspace, Salesforce, Sallie Mae, SAP, Scripps Networks, Sony Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Vanguard, Visa, VMware, Wells Fargo, and Zynga.


For me, the most interesting projects always involve data. Data are what help us model the environment in which we work and understand how the actors around us accomplish their goals. Data, even the simplest data, can illuminate problems in entirely new ways and that’s what BSIMM4 does. BSIMM is the single best mechanism for understanding how your organization builds secure software and for comparing your own activities to those of relevant peers. You can start today by downloading BSIMM4 and beginning to see where your firm stacks up!

Comments
Gary McGraw (anon) | 09-19-2012 07:54 AM

Jacob, it was superb to have you join as co-author of BSIMM4. The BSIMM Community is thriving and is making a big difference in software security as a field.


gem
