Building Security In Maturity Model
BSIMM is a descriptive maturity model built from studying the real software security initiatives of many large firms, cataloging which activities they actually perform. Unlike prescriptive models, it tells you what your peers do so you can compare your program against industry practice. Organizations use BSIMM assessments to justify budgets and steer their secure development programs.