Certainly, we are all concerned about security issues with your software. The Building Security in Maturity Model (BSIMM) understands this. They started the BSIMM project in March of 2009 as a joint effort between Cigital and Fortify Software. They record what organizations are doing to build security into their software and organizations. While they began with nine companies, they now have 30 participating organizations, according to Gary McGraw, the CTO of security consulting firm Cigital.
McGraw says that the BSIMM team has seen 109 activities that the 30 organizations are doing to secure their software, clearing indicating that companies are taking a great deal of measures to guarantee the security of their software products. These include 12 main categories which include everything from training to code review.
If you are a software innovator, you may want to download BSIMM2 to compare the safety measures that you are taking to those that other groups are using. If you’re just beginning to look into your security model, BSIMM2 is certainly a good place to begin to see what others before you have been doing.