Intelligence

Creating corporate knowledge used in software security activities throughout the organization

Intelligence includes those practices that result in collections of corporate knowledge used in carrying out activities throughout the organization. Collections include both proactive security guidance and organizational threat modeling.

Attack Models

Attack Models capture information used to think like an attacker: threat modeling, abuse case development and refinement, data classification, and technology-specific attack patterns.

Learn more

Security Features & Design

The Security Features & Design practice is charged with creating usable security patterns for major security controls (meeting the standards defined in the Standards & Requirements practice), building middleware frameworks for those controls, and creating and publishing proactive security guidance.

Learn more

Standards & Requirements

The Standards & Requirements practice involves eliciting explicit security requirements from the organization, determining which COTS to recommend, building standards for major security controls (such as authentication, input validation, and so on), creating security standards for technologies in use, and creating a standards review board.

Learn more

BSIMM12 Has Launched—Don’t Miss the Latest Findings

Download the latest BSIMM

The BSIMM is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives.

Useful Links

About BSIMM

About BSIMM

Privacy & Legal

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License