Blog dedicated to the study of Information Security - Privacy - Computer Security - IT Auditing.
(Compilation of the main news, events, security policies, good-practice guides, norms, standards, tools, and more)
Tuesday, 11 October 2011
Version 3 of BSIMM (Building Security In Maturity Model) has been published
BSIMM (pronounced “bee simm”) is short for Building Security In Maturity Model. The BSIMM is a study of real-world software security initiatives organized so that you can determine where you stand with your software security initiative and how to evolve your efforts over time.
Why software security?
Software security is about building software to be secure even when it is under attack. As we have learned from years of network security drama, protecting software is much easier if the software is built with security in mind. Furthermore, security is a property and not a thing, so software security involves much more than simply adding security features like SSL or passwords to software.
Who did you study?
BSIMM3 describes the software security initiatives at forty-two well-known companies. The full public list of participants is here. All told, the BSIMM describes the work of 786 SSG members working with a satellite of 1750 people to secure the software developed by 185,316 developers.
The most important use of the BSIMM is as a measuring stick to determine where your approach currently stands relative to other firms. Do this by noting which activities you already have in place, and using “activity coverage” to determine level and build a scorecard. One meaningful comparison is to chart your own maturity high water mark against the averages we have published to see how your initiative stacks up. Below, we have plotted data from a (fake) FIRM against the BSIMM Earth graph.
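The scorecard procedure described above (note which activities are in place, take the per-practice high water mark, compare against the published averages), as an added example that is not BSIMM's or the blog's own code. The twelve practices and four domains are the real BSIMM structure; the fake firm's observations and the averages are constructed placeholders standing in for the published data.

```python
# Added example: a BSIMM-style high-water-mark scorecard.
# The practice/domain names are the real BSIMM structure; all observations
# and averages below are CONSTRUCTED placeholders, not BSIMM3 data.
PRACTICES = {
    "Governance": ["Strategy & Metrics", "Compliance & Policy", "Training"],
    "Intelligence": ["Attack Models", "Security Features & Design",
                     "Standards & Requirements"],
    "SSDL Touchpoints": ["Architecture Analysis", "Code Review", "Security Testing"],
    "Deployment": ["Penetration Testing", "Software Environment",
                   "Config. & Vuln. Management"],
}
ALL_PRACTICES = [p for ps in PRACTICES.values() for p in ps]

def high_water_marks(observed):
    """observed: iterable of (practice, level) for activities a firm has in place.
    Returns {practice: highest level observed}; 0 where nothing is in place.
    The high water mark is the highest level (1..3) at which at least one
    activity of that practice is observed."""
    marks = {p: 0 for p in ALL_PRACTICES}
    for practice, level in observed:
        if practice not in marks:
            raise ValueError(f"unknown practice: {practice}")
        if not 1 <= level <= 3:
            raise ValueError(f"BSIMM levels are 1..3, got {level}")
        marks[practice] = max(marks[practice], level)
    return marks

def scorecard(observed, averages):
    """Rows of (domain, practice, firm_mark, average, delta) for charting
    the firm's high water marks against per-practice averages."""
    marks = high_water_marks(observed)
    return [(d, p, marks[p], averages.get(p, 0.0), round(marks[p] - averages.get(p, 0.0), 2))
            for d, ps in PRACTICES.items() for p in ps]

def gaps(rows):
    """Practices where the firm sits below the average (negative delta)."""
    return [p for _, p, _, _, delta in rows if delta < 0]

# Constructed observations for a fake firm: (practice, level of an activity in place).
FAKE_FIRM = [
    ("Strategy & Metrics", 1), ("Strategy & Metrics", 2), ("Compliance & Policy", 1),
    ("Training", 1), ("Security Features & Design", 1),
    ("Code Review", 1), ("Code Review", 2), ("Code Review", 3), ("Security Testing", 1),
    ("Penetration Testing", 1), ("Penetration Testing", 2), ("Software Environment", 1),
]
# Constructed per-practice averages standing in for the published ones.
CONSTRUCTED_AVERAGES = {p: 1.5 for p in ALL_PRACTICES}
CONSTRUCTED_AVERAGES.update({"Code Review": 2.0, "Attack Models": 1.2})

if __name__ == "__main__":
    for domain, practice, mark, avg, delta in scorecard(FAKE_FIRM, CONSTRUCTED_AVERAGES):
        print(f"{domain:17} {practice:28} firm={mark} avg={avg:.1f} delta={delta:+.2f}")
```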