BSIMM7: Older then, younger now
As the BSIMM (Building Security In Maturity Model) gets older, it is also getting younger.
The software security measurement tool was launched in 2009 by Cigital CTO Gary McGraw along with colleague Sammy Migues and Brian Chess, then of Fortify Software. With the release of its seventh version, the average “maturity” of the membership is declining, McGraw said.
The goal from the beginning has been to help software developers use real-world data and analysis designed to build security into their products from the start, rather than try to bolt it on later.
As McGraw said at the time, “It doesn’t tell you what you should do. It tells you what other people are already doing.”