Enterprise Architecture: From Incite comes Insight...

James McGovern is an industry thought leader whose focus is on the human aspects of technology around open source, SOA, software security, enterprise architecture and agile software development.

Monday, March 23, 2009

Building Security In Maturity Model

The Building Security In Maturity Model (BSIMM) is designed to help you understand and plan a software security initiative. BSIMM was created through a process of understanding and analyzing real-world data from nine leading software security initiatives. Though particular methodologies differ (e.g. OWASP CLASP, Microsoft's SDL or Cigital Touchpoints) many initiatives share common ground, so don't get caught up in academic methodology analysis and instead focus on the essence and ability to enable the strategic intent of your business which includes the unstated need to be secure...

# posted by James McGovern @ 8:45 AM

Superstar Blogs

• James Tarbell
• Chris Swan
• Entropy Gradient Reversals
• Joho the Blog
• Citizens of the American Constitution
• Embracing Genocide

Thought Leadership Blogs

• Richard Stallman
• John Udell
• Loosely Coupled
• Eric Newcomer
• Bruce Schneier
• Radovan Janecek
• Scott Woodgate
• Jeff Schneider
• Graham Glass
• Werner Vogel
• Seth Godin
• Christopher Baus
• Bram Cohen
• Mark Cuban
• David A. Chappell
• Ismael Ghalimi
• John Newton
• Todd Biske
• The Agile Elephant

Enterprise Architect Blogs

• Scott Mark
• Enterprise Armchair
• Charles T. Betz
• Bhagvan Kommadi
• James Melzer
• Clarke Scott
• Dion Hinchcliffe
• Jim Webber
• John Gotze
• Christopher Petrilli
• Nick Malik

Trinidad Blogs

• Solace
• Taran Rampersad
• TriniMuse

Industry Analyst Blogs

• Jamie Lewis
• Richard Veryard
• James Governor
• Stephen O'Grady
• Brenda Michelson
• Dan Blum
• Michael Cote
• Raven Zachary
• Alex Fletcher
• Alan Pelz-Sharpe
• Macehiter Ward-Dutton
• Bruce Silver
• Stowe Boyd
• Martin Brampton
• Bob Blakley
• Dean Bubley
• Eric Ogren
• Heidi Biggar
• Nick Gall
• Anne Zelenka
• Patricia Seybold
• Guy Creese

Venture Capital Blogs

• Ed Sim
• David Beisel

Open Source Blogs

• James Strachan
• ServiceMix Blog (Open Source ESB)
• Roberto Galoppini

Identity Blogs

• Radovan Semancik
• Shekhar Jha
• Pat Patterson
• Sara Gates
• Greg Hagen
• Mark Dixon
• Identity Corner
• Kim Cameron
• Andre Durand

Security Blogs

• Peter Gregory
• Gunnar Peterson
• Brian Chess
• Mark O'Neill
• Tao Security

Computer Book Authors Blogs

• Dave Taylor
• Mitch Tulloch
• David A. Chappell
• Mark C. Little
• JP Morgenthal
• Bruce Eckel
• Yakov Fain

Folks from my past

• Sameer Tyagi
• Dan Bernier

Links to my other Blogs

• Investorati
• Stop the Bushitler
• Bringing IT jobs back to America
• Insulting Observations
• Blog of the McGovern family

Folks I mentor

• James Robertson
• Gary Short
• Obie Fernandez
• David Heinemeier Hansson
• Justin Gehtland
• Eric Stewart
• Stefan Tilkov
• Matt Secoske
• Rupert Fozz

Links

• Blogroll Me!

Worthy Charities

• Not in my name
• Stand to Reason
• America's Second Harvest
• Doctors without Borders
• Palestine Red Crescent Society
• Enough is Enough!

Recommended Reading (Business)

Recommended Reading (Technical)

Archives

• January 2001
• November 2001
• April 2003
• July 2005
• August 2005
• September 2005
• October 2005
• November 2005
• December 2005
• January 2006
• February 2006
• March 2006
• April 2006
• May 2006
• June 2006
• July 2006
• August 2006
• September 2006
• October 2006
• November 2006
• December 2006
• January 2007
• February 2007
• March 2007
• April 2007
• May 2007
• June 2007
• July 2007
• August 2007
• September 2007
• October 2007
• November 2007
• December 2007
• January 2008
• February 2008
• March 2008
• April 2008
• May 2008
• June 2008
• July 2008
• August 2008
• September 2008
• October 2008
• November 2008
• December 2008
• January 2009
• February 2009
• March 2009
• April 2009
• May 2009
• June 2009
• July 2009
• August 2009
• November 2009
• January 2010
• February 2010
• March 2010
• April 2010
• May 2010
• June 2010
• July 2010
• August 2010
• September 2010
• October 2010
• November 2010
• December 2010
• January 2011
• February 2011
• March 2011
• April 2011
• May 2011
• June 2011
• August 2011
• September 2011
• October 2011
• November 2011
• December 2011
• January 2012
• February 2012
• March 2012
• April 2012
• May 2012
• June 2012
• July 2012
• August 2012
• September 2012
• October 2012
• November 2012
• December 2012
• January 2013
• February 2013
• March 2013
• April 2013
• May 2013
• December 2013
• January 2014
• February 2014

Memorable Posts

• The real meaning of Enterprise Architect
• Rationalization is a trap!
• Building Open Source Analysis Communities
• Management by Magazine

donate... Find an international organization or project. Select Focus Arts Children Conflict Resolution Disaster Relief Economic Development Education Environment Gender & Equality Health Human Rights Microfinance Poverty Technology Select Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, The Democratic Republic of The Cook Islands Costa Rica Croatia Cuba Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guinea-Bissau Guyana Haiti Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea, North Korea, South Kuwait Kyrgyzstan Lao People'S Democratic Republic Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory, Occupied Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russian Federation Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia and Montenegro Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syrian Arab Republic Taiwan, Province of China Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe