Gary McGraw, InformIT

Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM

From InformIT (Gary McGraw)  
This article originally appeared on as part of Gary McGraw’s Software [In]Security series.

Using the Software Security Framework (SSF) introduced in October, we interviewed nine executives running top software security programs in order to gather real data from real programs.Our goal is to create the Building Security In Maturity Model (BSIMM) based on these data, and we’re busy going over what we’ve built with the executives who run the nine initiatives (stay tuned here for more).