Software development is often an unguided missile. Coding standards are seldom in place, and developers decide for themselves which frameworks and libraries they will use to implement their applications.

However, several excellent guidelines are available that clearly describe the measures required to integrate security into every step of software development. Personally, I recommend the BSIMM guideline because it comes with a maturity model and provides excellent benchmark metrics.

The table below contains a tailored, secure software development process according to BSIMM.


In this example, the company decided to reach a higher maturity level in the implementation and test phases, while a lower maturity level is sufficient for the analysis and design phases.

More than 75 companies around the world use BSIMM, and they regularly provide their benchmark metrics. In the finance sector, the maturity level is between 1.8 and 2.8. Businesses that decide to adopt BSIMM can therefore easily compare their current maturity with that of their competitors.

Also, regulatory authorities such as MAS already have policies in place that specify that certain secure software development tasks, such as code review and security testing, have to be conducted before production.

Therefore, keep up the good work and integrate security aspects into your software development chain.


Posted by JM

Resourceful, solution-focused and intuitive reliability engineer with over 15 years of demonstrated success in architecting, developing and maintaining effective testing and monitoring solutions. Offers a wealth of knowledge and experience surrounding modern application architecture and development of best practices.

One Comment

  1. […] the source code. If you are not familiar with secure software development processes please read this […]


