Organizing, managing, and measuring a software security initiative
Governance includes those practices that help organize, manage, and measure a software security initiative. Staff development is also a central governance practice.
Strategy & Metrics
The Strategy & Metrics practice encompasses planning, assigning roles and responsibilities, identifying software security goals, determining budgets, and identifying metrics and software release conditions.
Compliance & Policy
The Compliance & Policy practice is focused on identifying controls for compliance regimens such as PCI DSS and HIPAA, developing contractual controls such as SLAs to help control COTS software risk, setting organizational software security policy, and auditing against that policy.
The BSIMM is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives.