Using the Software Security Framework (SSF) introduced in October, we interviewed nine executives running top software security programs in order to gather real data from real programs. Our goal is to create the Building Security In Maturity Model (BSIMM) based on these data. In this column we begin to dig into the maturity model itself, starting with a discussion of nine software security activities that all of the programs we studied carry out as part of their initiatives. The BSIMM skeleton covers 110 activities, each paired directly with an objective.
Source: https://threatpost.com/software-insecurity-nine-things-everybody-does-software-security-activities-bsimm-040709/72526/