Um artigo interessante sobre o tema:
Software [In]security: BSIMM2
By Gary McGraw, Brian Chess, Sammy Migues, Elizabeth Nichols
May 12, 2010
"The Building Security In Maturity Model (BSIMM, pronounced "bee simm") is an observation-based scientific model directly describing the collective software security activities of thirty software security initiatives. (...)
BSIMM2 is the second iteration of the BSIMM project. The original BSIMM described the software security initiatives underway in nine firms. Since the release of the original model in March 2009, the size of the study has tripled.
BSIMM2 can be used as a measuring stick for software security. As such, it is useful for comparing software security activities observed in a target firm to those activities observed among the thirty firms (or various subsets of the thirty firms). A direct comparison using the BSIMM is an excellent tool for devising a software security strategy.