Friday, April 10, 2009

Building Security in Maturity Model

Software security again.

In 2006, software security was embodied in three major methodologies: the Microsoft SDL, the Cigital Touchpoints, and OWASP CLASP. There are others, of course. The BSIMM takes a different, data-driven approach: it studies 9 real-world software security initiatives (out of the 35 its authors identified) and organizes the activities observed in them into a Software Security Framework (SSF) of four domains (Governance, Intelligence, SSDL Touchpoints, and Deployment) with twelve practices.

The BSIMM is a yardstick: it helps us determine where our organization stands with respect to its software security initiative, compare that against what the studied firms actually do, and decide which steps would make the initiative more effective.

For a concise description of the BSIMM, read the InformIT articles Software [In]security: The Building Security In Maturity Model (BSIMM) and Software [In]security: Confessions of a Software Security Alchemist.

You can download the document from here.