Governance

Organizing, managing, and measuring a software security initiative

Governance includes those practices that help organize, manage, and measure a software security initiative. Staff development is also a central governance practice.

Strategy & Metrics

The Strategy & Metrics practice encompasses planning, assigning roles and responsibilities, identifying software security goals, determining budgets, and identifying metrics and gates.

Learn more

Compliance & Policy

The Compliance & Policy practice is focused on identifying controls for compliance regimens such as PCI DSS and HIPAA, developing contractual controls such as service-level agreements (SLAs) to help control COTS software risk, setting organizational software security policy, and auditing against that policy.

Learn more

Training

Training has always played a critical role in software security because software developers and architects often start with very little security knowledge.

Learn more

The BSIMM is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives.

Useful Links

About BSIMM

Privacy & Legal

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 License