On May 12th, Gary McGraw and his teams from Cigital and Fortify Software released version 2 of the Building Security in Maturity Model (BSIMM). It triples the number of software security practices analyzed by the study, to a total of 30. EMC was one of the nine software security practices studied by the original BSIMM, and we are delighted to see the study expanded.
The number of participants in BSIMM2 underscores how software assurance has become an integral part of the way large organizations develop software. The sharing of working software assurance controls through initiatives like BSIMM makes it easier for software development organizations of all sizes to implement similar controls. This is the main reason why EMC is a founding member of SAFECode and is also part of the BSIMM Advisory Board.
BSIMM2 provides a good starter kit for building a software security practice, alongside other resources such as the SAFECode reports or Microsoft’s Security Development Lifecycle references.