- Silicon Design & Verification
- Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP
- Products
- Markets
- Newsletter
- Customer Success
- News
- Resources
- Software Integrity
- Tools & Services
- Solutions
- Training
- Customers
- Resources
- Partners
- Blog
- Company
- About Us
- Investor Relations
- Community
- Newsroom
- Resources
- Careers
< Silicon Design & Verification
Silicon Design & Verification
< Products
< Products
< Products
< Products
< Products
< Products
< Products
< Products
< Silicon Design & Verification
< Solutions
< Solutions
Cloud
Synopsys in the Cloud
< Solutions
< Solutions
< Solutions
< Solutions
Photonic Solutions
RSoft Photonic Device Tools
Photonic System Tools
PIC Design Software
OptoCompiler
< Silicon Design & Verification
< Resources
< Resources
Verification
Articles
Blogs
Datasheets
Events
News
Newsletters
Success Stories
Videos
Webinars
White Papers
< Resources
< Silicon Design & Verification
< Services
< Services
< Services
< Silicon Design & Verification
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Silicon Design & Verification
< Training
< Silicon Design & Verification
Training
Training and Education
< main menu
< Silicon IP
Silicon IP
< Products
< Products
Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Products
Memories & Libraries
Logic Libraries
Memory Compilers
Duet Packages
HPC Design Kit
PVT Sensors
Non-Volatile Memory
< Products
< Products
Analog IP
Data Converters
< Products
< Products
< Products
< Silicon IP
< Markets
< Silicon IP
Newsletter
< Silicon IP
Customer Success
< Silicon IP
News
< Resources
< Resources
< main menu
< Software Integrity
Software Integrity
< Tools & Services
< Tools & Services
< Tools & Services
< Solutions
< Solutions
< Software Integrity
< Training
< Training
Product Education
< Training
Community
< Software Integrity
< Software Integrity
Customers
< Resources
< Resources
< Software Integrity
< Software Integrity
Partners
< Software Integrity
Blog
< main menu
< About Us
Company
< About Us
< About Us
About Us
About Us
< Investor Relations
< About Us
Investor Relations
Investor Relations
< Community
< About Us
Community
Community
< Newsroom
< About Us
Newsroom
Newsroom
< Resources
< About Us
Resources
Resources
< Careers
< About Us
Careers
Careers
< main menu
Applying the BSIMM to Managing Risk in the Software Supply Chain
The BSIMMsc has now seen nearly eight years of use in real-world scenarios. Organizations use it primarily to separate vendors into three groups:
- Those who are clueless about software security and need encouragement to take it seriously.
- Those who have immature processes that result in software that sometimes passes a penetration test, but usually doesn’t.
- Those who clearly have the software security fundamentals for consistently generating high-quality software over time and for resilient operations that facilitate quick response when bad things happen.
Download the white paper
This white paper shows how the BSIMMsc leverages attestation and automation to function as a foundational security control for software supply chain risk management. If the BSIMM is a yardstick for an enterprise’s software security initiative, the BSIMMsc is a six-inch ruler focused on a specific risk management concern.
