Deployment

The process of practices

Practices that result in collections of corporate knowledge used to carry out software security activities, including both proactive security guidance and organizational threat modeling.

Penetration Testing

The penetration testing practice involves standard outside in testing of the sort carried out by security specialists. Penetration testing focuses on vulnerabilities in final configuration, and provides direct feeds to defect management and mitigation.

Learn more

Software Environment

The software environment practice concerns itself with OS and platform patching, web application firewalls, installation and configuration documentation, application monitoring, change management, and ultimately, code signing.

Learn more

Configuration and Vulnerability Management

The configuration management and vulnerability management practice concerns itself with patching and updating applications, version control, defect tracking and remediation, and incident handling.

Learn more

The BSIMM is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives.

Useful Links

About BSIMM

Privacy & Legal

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 License