<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Owasp Samm on Bill Brown:Thoughts and Reference Material Online</title><link>https://www.billbrown.info/tags/owasp-samm/</link><description>Recent content in Owasp Samm on Bill Brown:Thoughts and Reference Material Online</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>BillBrown.info</copyright><lastBuildDate>Sat, 20 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://www.billbrown.info/tags/owasp-samm/index.xml" rel="self" type="application/rss+xml"/><item><title>Software Security Maturity Models: A Source Review</title><link>https://www.billbrown.info/post/software-security-maturity-models-a-source-review/</link><pubDate>Sat, 20 Jun 2026 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/software-security-maturity-models-a-source-review/</guid><description>
&lt;!-- SOURCE: ISSC662/forum4/Brown_Week_4_ Research_Paper_Annotated_References - Copy (2).docx --&gt;
&lt;h2 id="software-security-maturity-models-a-source-review"&gt;Software Security Maturity Models: A Source Review&lt;/h2&gt;
&lt;h2 id="building-security-in-maturity-model-bsimm"&gt;Building Security in Maturity Model (BSIMM)&lt;/h2&gt;
&lt;p&gt;The Building Security In Maturity Model (BSIMM) is a descriptive model that catalogs 113 software security activities, organized into 12 practices, that together make up a software security initiative. The document is divided into two parts. The first part covers the history of BSIMM, how an organization can use the model to assess and plan its own software security initiative, and what the data gathered from the participating organizations show. The second part, as described by McGraw, Migues, &amp;amp; West (2017), is organized at a high level around four domains: governance, intelligence, Software Security Development Lifecycle (SSDL) touchpoints, and deployment. The governance domain contains the strategy &amp;amp; metrics, compliance &amp;amp; policy, and training practices. The intelligence domain contains attack models, security features &amp;amp; design, and standards &amp;amp; requirements. The SSDL touchpoints domain covers architecture analysis, code review, and security testing. The deployment domain covers penetration testing, software environment, and configuration management &amp;amp; vulnerability management.&lt;/p&gt;</description></item><item><title>Comparing BSIMM and SAMM Software Security Models</title><link>https://www.billbrown.info/post/comparing-bsimm-and-samm-software-security-models/</link><pubDate>Fri, 19 Jun 2026 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/comparing-bsimm-and-samm-software-security-models/</guid><description>
&lt;!-- SOURCE: ISSC662/forum7/Brown_Week_7_Research_Paper.docx --&gt;
&lt;h2 id="comparing-bsimm-and-samm-software-security-models"&gt;Comparing BSIMM and SAMM Software Security Models&lt;/h2&gt;
&lt;p&gt;The role of an information assurance and security program, as described by Sadiku, Alam, &amp;amp; Musa (2017), is to protect and defend information systems by ensuring their availability, confidentiality, integrity, authentication, and non-repudiation. Information assurance is growing in importance as threats multiply across connected, distributed networks and information systems. Many organizations do not know how mature their information assurance and security program, processes, and procedures actually are. Implementing an Information Security Assurance Capability Maturity Model (ISA-CMM) can help an organization mature its information assurance and security program, as described by Security Horizon (2012). A Capability Maturity Model (CMM) does not tell an organization what is not operating correctly; rather, as Krebs (2015) points out, it provides a roadmap for changing the organization's culture.&lt;/p&gt;</description></item></channel></rss>