Governance

Organizing, managing, and measuring a software security initiative

Governance includes those practices that help organize, manage, and measure a software security initiative. Staff development is also a central governance practice.

Strategy & Metrics

The Strategy & Metrics practice encompasses planning, assigning roles and responsibilities, identifying software security goals, determining budgets, and identifying metrics and software release conditions.

Learn more

Compliance & Policy

The Compliance & Policy practice is focused on identifying controls for compliance regimens such as PCI DSS and HIPAA, developing contractual controls such as SLAs to help control COTS software risk, setting organizational software security policy, and auditing against that policy.

Learn more

Training

Training has always played a critical role in software security because software developers and architects often start with little security knowledge.

Learn more

The BSIMM is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives.

Useful Links

About BSIMM

Privacy & Legal

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License