Segurança de software como processo

Dois novos documentos sobre o assunto:

The Building Security In Maturity Model 2


The Building Security In Maturity Model (BSIMM, pronounced “bee simm”) is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from thirty leading software security initiatives. The BSIMM can help you determine how your organization compares to other real-world software security initiatives and what steps can be taken to make your approach more effective.

The most important use of the BSIMM is as a measuring stick to determine where your approach to software security currently stands relative to other firms.

http://bsimm2.com/



Microsoft Security Development Lifecycle (SDL) 5.0

The Microsoft Security Development Lifecycle (SDL) process guidance illustrates the way Microsoft applies the SDL to its products and technologies. It includes security and privacy requirements and recommendations for secure software development at Microsoft. It addresses SDL guidance for Waterfall and Spiral development, Agile development, web applications and Line of Business applications. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d8e6144-8276-4a62-a4c8-7af77c06b7ac