Category Archives: Program Implementation

Establishing Effective Static Analysis Capabilities

Planning to establish or reboot a static analysis capability this year? Use this simple framework to plan a new implementation or reflect on an existing program to improve maturity.
Over the years, we’ve learned that there are four primary dimensions to any static analysis capability:

Solution Architecture
Policy
Application On-Boarding
Vulnerability Management

It doesn’t matter if you’re considering building an in-house [...]

BSIMM: A Descriptive Model of Software Security

Gary McGraw discusses prescriptive vs. descriptive models, and why and how BSIMM helps model the reality of software security initiatives in our industry.

Building Security In Maturity Model (BSIMM)

A lot has been said about what companies *should do* to build secure software. Ever wonder what companies *really do*? Now you can — the Building Security In Maturity Model (BSIMM) recently went public.