In many organizations, security leaders are balancing network, software, endpoint, and even physical security as part of their responsibilities. They must balance budget and resources across all areas. Most don't have specific expertise in the evolving requirements of software security, nor are they expected to.
Traveling with a group will motivate you to pick up the pace. Working together, a team will share the load and make everyone’s pack lighter. The right team can make the difference between a painful slog and an incredible adventure.
A software security group, or SSG (an assigned group with full-time responsibility), identifies software security as a specific area of cyber risk, managed by a team that understands the unique challenges of acquiring, creating, deploying, and managing secure software.
Having an SSG is a clear indicator of software security maturity, according to the Building Security In Maturity Model (BSIMM). All BSIMM participants that implement the most advanced risk management activities have an SSG.
A well-functioning software security group can lower the cost of a cyber attack. Companies that employ expert security staff can reduce cyber crime costs by an average of $1.5 million. Those that appoint a high-level security leader reduce costs by an average of $1.3 million.