If you play a role in your organization’s software security program, you already know that there’s no shortage of things to do to improve your firm’s security activities.
To bring security priorities into focus, the Building Security In Maturity Model (BSIMM) highlights the 113 most commonly observed software security activities. The BSIMM thus enables experts like you to discover what other organizations are doing for security, how activities are deployed, how well those activities are currently working, how they worked in the past, and how well they’re likely to work in the future.
Sammy Migues, Principal Scientist at Synopsys, will discuss how to marry BSIMM activities to a strategy enabling you to build a viable security program. Sammy bases his insights on over 300 in-depth assessments that he has conducted within the BSIMM and 30+ years of industry expertise.
The BSIMM is one of the best yardsticks available today for measuring how your software security initiative (SSI) stacks up against the rest of your industry peers. The BSIMM also provides concrete details to show your executive team and board how your security efforts are making a difference.
By quantifying the practices of many different organizations, we can describe the common ground shared by many as well as the variation that makes each unique. The BSIMM isn’t a ‘how to’ guide, nor is it a one-size-fits-all prescription. Instead, the study acts as a reflection of software security.
It’s important to note that simply implementing BSIMM activities like a checklist doesn’t necessarily mean a successful security program. It takes a carefully thought-out strategy to efficiently include new software security activities and to ensure existing activities continue to be applied properly.