The Building Security In Maturity Model (BSIMM) is a collection of 110 activities observed during an extensive study of nine organizations recognized as highly effective at building secure software. It was developed largely by two security tool vendors, Cigital and Fortify, but its creators say it has been vetted and reviewed by many software development organizations.
"BSIMM is a real-world set of software security activities organized so that you can determine where you stand with your software security initiative and how to evolve your initiative over time," the group says. "BSIMM describes the set of activities practiced by nine of the most successful software security initiatives in the world. In that sense, it is a de facto standard because it's what organizations actually do. You could say we discovered it, rather than dreamed it up."
The BSIMM effort has received praise from those who have reviewed and participated in its development, including Microsoft. It is a free download; the only requirement is that organizations that use it must credit BSIMM in their documentation.