Application Security – Missed Plots Redefined – BSIMM

How often do we develop poorly and then try to secure the application at the perimeter? Is that even possible?

Regardless of the methodology applied to the SDLC, there are certain things the team must focus on to enforce cyber security. Whether you are on Agile, Waterfall or CI/CD, these “things” must not be skipped.

The Software Security Team/Group

For the past decade and a half there were no people dedicated to software security. Teams assumed that lateral application testing would secure them. That omelet is no longer going to serve and save you at a late-night dinner.

The Software Security Team is a dedicated team responsible for the tasks mentioned above. But how do you build such a capable team for the development life cycle when “security” is taught far more at the network level than at the code level? Cyber security professionals with coding skills are the answer.

There is going to be great demand for such people in the near future. How many network people can learn to code, and how many developers can learn networking?

If you have a bad idea, how much would it cost to change your mind? 🙂

BSIMM – Building Security Into Maturity Model

BSIMM has evolved over time to overcome these skill gaps with defined Phases and Activities. The 12 Phases are further broken down into 120 Activities.

The current version is 10. Yes, the model is a decade old!

Available at: https://www.bsimm.com/download.html
