The Inner Circle

BSIMM 11 - Building Security In Maturity Model - NEW

    Posted 6 days ago
    Hi All,

    The BSIMM is primarily a measuring stick for software security. The best way to use it is to compare and contrast your
    own initiative with the data about what other organizations are doing. The BSIMM also functions as a roadmap for an SSI
    (software security initiative). You can identify your own goals and objectives, then refer to the BSIMM to determine
    which additional activities make sense for you.

    The purpose of the BSIMM is to quantify the activities carried out by various kinds of SSIs across many organizations.
    Because these initiatives use different methodologies and different terminology, the BSIMM requires a framework that
    allows us to describe any initiative in a uniform way. Our software security framework (SSF) and activity descriptions
    provide a common vocabulary for explaining the salient elements of an SSI, thereby allowing us to compare initiatives
    that use different terms, operate at different scales, exist in different parts of the organizational chart, operate in different
    vertical markets, or create different work products.

    Michael Roza CPA, CISA, CIA