The Building Security In Maturity Model (BSIMM)

Gary McGraw, Ph.D., and his colleagues Brian Chess, Ph.D., and Sammy Migues have released the Building Security In Maturity Model (BSIMM), which is meant to provide guidance on building more secure software. The 53-page document is aimed at "anyone charged with creating and executing a software security initiative." BSIMM also cautions that any software security initiative needs proper executive backing and visibility:
Most successful initiatives are run by a senior executive who reports to the Board or the CIO of an organization. These executives lead a group that we call the Software Security Group (SSG), charged with directly executing or facilitating the activities described in BSIMM. BSIMM is written with the SSG and SSG leadership in mind.
This is an important body of work with input from representatives of Adobe, EMC, Qualcomm, Google, Wells Fargo, and Microsoft. The document is licensed under the Creative Commons Attribution-Share Alike 3.0 License (for license details, go to

Src: The Building Security In Maturity Model (BSIMM)
