An updated version (version 3) of the Building Security In Maturity Model was released this week by Cigital.
BSIMM started in 2008 as an inventory and classification of the software security practices used by practitioners across multiple industries. The updated version includes measurements from 42 firms, including 11 that have been measured twice. As a result, the inventory of software security activities has increased to 109, demonstrating that software security is an evolving field and that there is not one single way to skin the software security cat.
EMC was one of the nine firms measured by Cigital as part of the original BSIMM study, and we are one of the 11 firms in BSIMM 3 that have been measured twice. For us, sharing our software security practices with the industry is part of our industry outreach strategy that led us to become a co-founder of SAFECode in 2007. Enabling IT providers to improve their software security practices is an acknowledgement that the security of our customers’ products and solutions is more than the security of a single vendor’s products.