Gary McGraw, Cigital CTO, just began an enthusiastic program promoting the newest version of the Building Security In Maturity Model (BSIMM-V).
BSIMM is an observation-based measuring stick for software security. 67 firms are involved in the BSIMM community. If your organization is not involved, you can join and compare your maturity against these 67 firms (and against your peers) across 111 software development activities.
There is no reason for me to summarize the excellent announcement at “Software [In]Security: BSIMM-V Does a Number on Secure Software Dev.” Read it. Review BSIMM-5. And think about “what next” for you.
Financial Services enterprises have obligations to demonstrate a level of due diligence that disallows “auto-pilot” software security. BSIMM-V is an excellent resource to begin building security into your applications, or to measure and enhance your efforts already underway.
Software [In]Security: BSIMM-V Does a Number on Secure Software Dev.
Building Security In Maturity Model.
BSIMM4 measures and advances secure application development.