• Home
• Facts
• Online
• Download
• Community
• Press
• Resources
• Related
• Membership

Additional Resources

• BSIMM4 measures and advances secure application development, SearchSecurity.com (May 10, 2013)
• Proactive defense prudent alternative to cyberwarfare, SearchSecurity.com (November 1, 2012)
• BSIMM study expands scope, identifies new software security activities, SearchSecurity.com (September 17, 2012)
• Data supports need for security awareness training despite naysayers, SearchSecurity.com (September 4, 2012)
• vBSIMM Take Two (BSIMM for Vendors Revised), InformIT (January 26, 2012)
• BSIMM versus SAFECode and Other Kaiju Cinema, InformIT (December 26, 2011)
• Third-Party Software and Security, InformIT (November 30, 2011)
• BSIMM3, informIT (September 27, 2011)
• Software Security Zombies, informIT (July 21, 2011)
• vBSIMM (BSIMM for Vendors), informIT (April 12, 2011)
• Software Security in Practice, IEEE Security & Privacy (March/April 2011)
• Real-World Software Security, Dr. Dobbs (August 6, 2010); see also: InformationWeek.
• BSIMM2: Measuring the Emergence of a Software Security Community, informIT (May 12, 2010)
• What Works in Software Security, informIT (February 26, 2010)
• Cargo Cult Computer Security, informIT (January 28, 2010)
• You Really Need a Software Security Group, informIT (December 21, 2009)
• BSIMM Europe, informIT (November 10, 2009)
• BSIMM Begin, informIT (September 24, 2009)
• Measuring Software Security, informIT (June 18, 2009)
• The Building Security In Maturity Model (BSIMM), Confessions of a Software Security Alchemist, informIT (March 16, 2009)
• A Software Security Framework: Working Towards a Realistic Maturity Model informIT (October 15, 2008)

BSIMM4 Activities
Included here are all BSIMM4 activities in spreadsheet format to allow ease of use.

Building Security In Maturity Model presentation - September 2012
This is the standard slide deck we are using for BSIMM presentation. This talk has been delivered all over the world to many audiences including the DHS Software Assurance Meetings, FS-ISAC, Cylab, several OWASP conferences, RSA, secappdev and multiple others.

Supply Chain Working Group (toolkit)
The supply chain working group convened by FSSCC/FBIIC (government financial collaboration organizations put together by Treasury, OCC, FDIC...) leveraged BSIMM activities.

Sales Slide Deck
This is a slide deck developed for use when convincing a firm to join the BSIMM Community.