Secure and Resilient Software Development: BSIMM and Open SAMM Report

Running head: SECURITY AND RESILIENCY SOFTWARE
Secure and Resilient Software Development
Name of the student:
Name of the university:
Author note:
Table of Contents
Introduction
Discussion
    BSIMM
    Open SAMM
    Adoption of Open SAMM helping to improve an organization's overall security posture
Conclusion
References
Introduction:
While developing any software product, managing its development process is one of the important aspects of software development. Thus, to compete in the marketplace, it is essential to use some kind of software security model that helps developers assess the effectiveness of the security capabilities of the software they build and improve it further (Nazareth & Choi, 2015). This report discusses two major security models, BSIMM and Open SAMM, and their respective roles in providing a secure software maturity model. The report also discusses the adoption of the Open SAMM security model in order to improve the overall security posture of organizations towards the development of secure and resilient software.
Discussion:
In today's world, agile principles for software development have become very popular. In order to develop secure software, it is essential to adopt software security activity models like the Building Security In Maturity Model (BSIMM) and the Software Assurance Maturity Model (Open SAMM).
BSIMM
BSIMM is one of the prevailing software security initiatives; it enumerates the practices of different organizations through a unique data-driven approach. The best way to use the BSIMM software security model is to compare an organization's own initiative against the data collected from other organizations (Merkow & Raghavan, 2010). The software security framework of BSIMM consists of four domains: governance, intelligence, SSDL touchpoints and deployments.
BSIMM serves as a fundamental resource for building a solid foundation of software security by improving security initiatives (Jaatun et al., 2015). It is a consistent, systematic approach to classifying and understanding real data about the activities that organizations actually and deliberately carry out to secure their software.
Open SAMM
The Software Assurance Maturity Model is an open framework that helps organizations formulate and develop the strategies required for software security, tailored to the risks they face (Wen, 2017). Open SAMM helps in evaluating existing software security practices while building a balanced software security program. It also helps demonstrate concretely the improvements needed to secure a software development program. Open SAMM is a flexible framework that can be used by organizations of all sizes, using any style of software development.
Security metrics play an important role in developing secure software and need to be considered from the very initial stage so that risks can be assessed efficiently (Miessler, 2015). Well-developed security metrics should satisfy primary considerations including being decision-enabling, tangible, data-backed and narrative-supporting, among others. It is essential that software security models abide by these security metrics so that planning and the assignment of roles and responsibilities are tied to the identified metrics and gates.
Adoption of Open SAMM helping to improve an organization's overall security posture:
The Open SAMM model is a quick and easy model to deploy within an organization to improve software security by building a suitable assurance program that fits the organization's structure and understanding. The Open SAMM model allows organizations to carry out a self-assessment with proper guidance, gaining valuable insights based on the software assurance model (McGraw, 2015). While adopting the model, the organization can demonstrate the concrete improvements required for the security assurance program of its software development lifecycle. The plans under the software security model include mappings to existing standards like ISO, PCI and many more. In order to adopt Open SAMM, organizations need to go through complete strategies for establishing an organization-wide security program while integrating security into the software development lifecycle.
Conclusion:
Thus it can be concluded that the Open SAMM framework is used to address outsourcing security under various security practices. Implementation of Open SAMM helps in investing more time, depending on the available resources, in thorough requirements analysis while assessing the threats faced when dealing with third-party vendors. Adopting a software security model within an organization plays a distinct role in ensuring software quality. It is one of the most efficient ways to achieve secure software during the development cycle and also throughout its deployment and ongoing sustainment practices.
References:
Jaatun, M. G., Cruzes, D. S., Bernsmed, K., Tøndel, I. A., & Røstad, L. (2015, September). Software security maturity in public organisations. In International Conference on Information Security (pp. 120-138). Springer, Cham.
McGraw, G. (2015). Software security and the building security in maturity model (BSIMM). Journal of Computing Sciences in Colleges, 30(3), 7-8.
Merkow, M., & Raghavan, L. (2010). Secure and Resilient Software Development. Boca Raton, Florida: CRC Press.
Miessler, D. (2015). An information security metrics primer. Retrieved from https://danielmiessler.com/study/information-security-metrics/.
Nazareth, D. L., & Choi, J. (2015). A system dynamics model for information security management. Information & Management, 52(1), 123-134.
Wen, S. F. (2017, November). Software security in open source development: A systematic literature review. In 2017 21st Conference of Open Innovations Association (FRUCT) (pp. 364-373). IEEE.