Governance

Organize, manage, and measure a software security initiative

Governance includes those practices that help organize, manage, and measure a software security initiative; staff development is also a central governance practice.

Strategy & Metrics

The Strategy & Metrics practice encompasses planning, assigning roles and responsibilities, identifying software security goals, determining budgets, and identifying metrics and gates.

Learn more

Compliance & Policy

The Compliance & Policy practice is focused on identifying controls for compliance regimens such as PCI DSS and HIPAA, developing contractual controls such as Service Level Agreements to help control COTS software risk, setting organizational software security policy, and auditing against that policy.

Learn more

Security Training

Software security training has always played a critical role in software security because software developers and architects often start with very little security knowledge.

Learn more

The BSIMM is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives.

Useful Links

About BSIMM

Privacy & Legal

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 License