The Building Security In Maturity Model (BSIMM, pronounced “bee simm”) is designed to help you understand, measure, and plan a software security initiative. The BSIMM-V was created by observing and analyzing real-world data from sixty-seven software security initiatives. It is freely available and is licensed under the Creative Commons Attribution-ShareAlike 3.0 License. The BSIMM can help you determine how your organization compares to other real-world software security initiatives and what steps can be taken to make your approach more effective. The most important use of the BSIMM is as a measuring stick to determine where your approach to software security currently stands relative to other firms.
This talk will give an overview of the BSIMM and discuss how it can be used as a measurement tool for your organization, for your vendors, and paired with other security measurement methods.