What is BSIMM?
BSIMM (pronounced “bee simm”) is short for Building Security In Maturity Model. The BSIMM is a study of real-world software security initiatives organized so that you can determine where you stand with your software security initiative and how to evolve your efforts over time.
Why software security?
Software security is about building software to be secure even when it is under attack. As we have learned from years network security drama, protecting software is much easier if the software is built with security in mind. Furthermore, security is a property and not a thing, so software security involves much more than simply adding security features like SSL or passwords to software.
Who did you study?
BSIMM3 describes the software security initiatives at forty-two well-known companies. The full public list of participants is here. All told, the BSIMM describes the work of 786 SSG members working with a satellite of 1750 people to secure the software developed by 185,316 developers.
Get Involved
The most important use of the BSIMM is as a measuring stick to determine where your approach currently stands relative to other firms. Do this by noting which activities you already have in place, and using “activity coverage” to determine level and build a scorecard. One meaningful comparison is to chart your own maturity high water mark against the averages we have published to see how your initiative stacks up. Below, we have plotted data from a (fake) FIRM against the BSIMM Earth graph.
Downlaod
Link relacioandos:
- SAFECode and the BSIMM: Two Paths to a Common Goal
- BSIMM 3: What’s new? What’s next?
- Measuring Software Security Initiatives Over Time
- BSIMM 3 Released
No hay comentarios:
Publicar un comentario