Software Integrity Blog

Archive for the 'Maturity Model (BSIMM)' Category


The hidden costs and risks of free puppies (and open source)

SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.


Posted in Featured, Maturity Model (BSIMM), Open Source Security, Software Composition Analysis


From mainframes to connected cars: How software drives the automotive industry

The automotive industry runs on software—but with increased software use comes an increased attack surface. Making safe, reliable vehicles starts with building secure software. Dr. Gary McGraw explains the importance of secure design principles and how to take the first step toward automotive software security. The original version of this article was published in The Security […]


Posted in Automotive Security, Maturity Model (BSIMM), Software Architecture and Design


Retail joins the BSIMM—finally

The BSIMM—Building Security In Maturity Model—is now into its 10th year of being a self-described “measuring stick for software security” for multiple industries. But there are still newcomers—this year it’s retail. Ten retail firms participated in BSIMM9, which tracks the development of SSIs (software security initiatives) by organization based on 116 possible activities, grouped into […]


Posted in Maturity Model (BSIMM)


Automation: One of the keys to DevSecOps

Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of […]


Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM)


Webinar: BSIMM9: Here’s what’s new!

In our on-demand webinar with Mike Ware (Synopsys), you’ll learn what makes our latest observations of real-life software security initiatives in BSIMM9 so exciting.


Posted in Maturity Model (BSIMM), Webinars


BSIMM9: Not a how-to but a roadmap to a better SSI

You’ve probably seen the commercials. Different situations but always the same theme. In one of them, a guy tells his neighbor, “I need to get my roof repaired. Do you know any contractors?” “Uh, yeah, I might,” the neighbor replies. “Great,” says the first guy. “Can you do a free background check on him for […]


Posted in Maturity Model (BSIMM)


BSIMM9 by the numbers

Over the past ten years, we’ve studied dozens of security activities performed by real-life firms to measure the software security practices used in organizations of different sizes, in different verticals, and at different levels of maturity. Quantifying these practices in the Building Security In Maturity Model (BSIMM) allows us to describe the common areas shared […]


Posted in Infographic, Maturity Model (BSIMM)


BSIMM9: Hot off the presses and better than ever

Have you heard of the BSIMM? If you have, you know it’s the best way to measure your software security initiative (SSI) year after year to see how it’s evolving and how you compare to your peers. If you haven’t, you’re in luck: The latest version is out now, and it’s notably different from last […]


Posted in Maturity Model (BSIMM), Software Security Initiative (SSI)


Verizon DBIR puts security burden on users

The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]


Posted in Data Breach, Maturity Model (BSIMM), Software Architecture and Design


Fault Injection Podcast: Sammy Migues introduces BSIMM8

Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Sammy Migues, principal scientist here at Synopsys, about the new Building Security In Maturity Model (BSIMM) 8 report. You […]


Posted in Maturity Model (BSIMM), Podcasts