BSIMM — the Building Security In Maturity Model — is a set of best practices for software security. Cigital and Fortify developed the model by analyzing real-world data from nine leading software security initiatives. The model is broken into 12 categories software makers can follow, including strategy and metrics, compliance and attack models. Employing one dedicated security practitioner for every 100 software developers on a staff is a good way to keep tabs on the best practices, experts say. The new model is based on common areas of success, such as security testing and compliance.
Source: https://www.csoonline.com/article/2123781/a-new-hope-for-software-security-.html

