The BSIMM Nouveau Has Arrived


Gary McGraw’s team at Cigital just released version 4 of the BSIMM, the Building Security In Maturity Model. BSIMM is a survey of how software development organizations across many industries approach software security. It provides a good picture of the arsenal of techniques available to software security practitioners. EMC has been associated with BSIMM since its first release; we were one of the nine firms surveyed when the model was first built. We are delighted to see that the survey has grown to 50+ firms without major changes to the model. It tells me that we are certainly focusing on the right activities.

My favorite addition to the BSIMM4 model is the new activity related to malicious code detection, an important area of our product security practice. It is an acknowledgement that the risk created by software does not come solely from unintentional mistakes made by developers or architects, but can also be intentional or malicious. I would not be surprised to see future releases of the BSIMM model add more activities related to software integrity. If you are interested in this area, I recommend the SAFECode report “Overview of Software Integrity Controls”.

To paraphrase a wine connoisseur, I can tell you that this BSIMM nouveau is a good cru.
