The BSIMM is built around a software security framework that organizes the 116 activities used to assess initiatives. The framework consists of 12 practices organized into four domains:
Practices that help organize, manage, and measure a software security initiative
Practices that result in collections of corporate knowledge used in carrying out software security activities throughout the organization
Practices associated with analysis and assurance of particular software development artifacts and processes
Practices that interface with traditional network security and software maintenance organizations
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 License