Real-World Software Security

Short for Building Security In Maturity Model, BSIMM is a research project documenting the actual secure development practices used at large companies like Adobe, Bank of America, Capital One, EMC, Google, Intel, Microsoft, Symantec, VMware, and Wells Fargo. BSIMM researchers watch developers and track each time they observe one of 109 different activities, such as getting upper management buy-in or using code signing. The project then plots those activities on a spider graph.

Companies can now download the BSIMM2 model for free and use it to measure their own development activities. By plotting their activities versus the averages, they can then see how their software security efforts stack up.
