Category Archives: BSIMM

BSIMM: A Descriptive Model of Software Security

Gary McGraw discusses prescriptive vs. descriptive models, and why and how BSIMM helps model the reality of software security initiatives in our industry.

Building Security In Maturity Model (BSIMM)

A lot has been said about what companies *should do* to build secure software. Ever wonder what companies *really do*? Now you can — the Building Security In Maturity Model (BSIMM) recently went public.