Security Features & Design (BSIMM6 Part 6)

"If I have seen further than others, it is by standing upon the shoulders of giants." - Isaac Newton TL;DR: The Security Features & Design practice is the second of three practices in the...

Attack Models (BSIMM6 Part 5)

"A good decision is based on knowledge and not on numbers." - Plato TL;DR: The Attack Model practice is the first of three practices in the BSIMM6 Intelligence domain. The goal of this pr...

Software Security Training (BSIMM6 Part 4)

“Without continual growth and progress, such words as improvement, achievement, and success have no meaning.” – Benjamin Franklin TL;DR: The Software Security Training practice is the thi...

Compliance & Policy (BSIMM6 Part 3)

“Surround yourself with the best people you can find, delegate authority, and don't interfere as long as the policy you've decided upon is being carried out.” – Ronald Reagan TL;DR: The C...

Strategy & Metrics (BSIMM6 Part 2)

“There is nothing so useless as doing efficiently that which should not be done at all.” – Peter F. Drucker TL;DR: The Strategy & Metrics practice is the first practice of the BSIMM6 Gove...

Building Security In Maturity Model (BSIMM) - Part 1

However beautiful the strategy, you should occasionally look at the results. - Winston Churchill Software security is becoming a major concern for organisations around the world, but more often ...