BSIMM Defines Best Practices For Software Security
A new security model, the Building Security In Maturity Model (BSIMM), has been released. It describes the activities practiced by nine of the most successful software security initiatives in the world. BSIMM is a real-world set of software security activities organized so that you can determine where you stand with your software security initiative and how to evolve it over time.
The Building Security In Maturity Model (BSIMM) is designed to help you understand and plan a software security initiative. BSIMM is a collection of good ideas and activities that are in use today. BSIMM consists of 110 activities organized into the twelve practices of the Software Security Framework (SSF), and further divided into three maturity levels per practice. BSIMM is something to consider when investing in any unified communications services for business.
Here’s an overview of the Software Security Framework (SSF):
The Software Security Framework (SSF)

Governance | Intelligence | SSDL Touchpoints | Deployment |
---|---|---|---|
Strategy and Metrics (SM) | Attack Models (AM) | Architecture Analysis (AA) | Penetration Testing (PT) |
Compliance and Policy (CP) | Security Features and Design (SFD) | Code Review (CR) | Software Environment (SE) |
Training (T) | Standards and Requirements (SR) | Security Testing (ST) | Configuration Management and Vulnerability Management (CMVM) |
BSIMM is free and has been released under a Creative Commons license.