ABSTRACT

The success metrics specify example measurements that can be used to check whether an organization is performing at a given maturity level. The Open Software Assurance Maturity Model offers a roadmap and a well-defined maturity model for secure software development and deployment, along with useful tools for self-assessment and planning. The Building Security In Maturity Model (BSIMM) indicates that software security groups should emphasize security education and mentoring rather than policing for security errors. BSIMM has been updated over the course of its lifetime; its ninth edition includes new activities that clearly show application security in the cloud becoming mainstream, and it reports activities observed among independent software vendors, suggesting that common cloud architectures call for similar software security approaches. BSIMM provides a way to assess the current state of an organization's software security practice and to demonstrate progress over time. Not all organizations need to reach the same security goals, but by applying BSIMM, all organizations can be measured with the same yardstick.