Justice League Blog

Software Security Framework

Posted On October 15, 2008 by gem

Brian Chess and I just published an article on the Software Security Framework displayed below.

Governance Intelligence SDL Touchpoints Deployment
Strategy and Metrics Attack Models Architecture Analysis Penetration Testing
Compliance and Policy Security Features and Design Code Review Software Environment
Training Standards and Requirements Security Testing Configuration Management and Vulnerability Management

Our plan is to use this framework to build a maturity model for software security by interviewing executives running many of the top ten large-scale software security initiatives. Please check out the article, and stay tuned for more.

This entry was posted in Software Security. Bookmark the permalink.
« »
  • http://www.multicians.org/thvv/tvv-home.html Tom Van Vleck

    This is good and useful. I would trya different set of rows to see what happens:
    MODEL, POLICY, PROCEDURE, TOOL. See http://www.multicians.org/thvv/vvcomb.html

    The security MODEL is the identification of actors, interests, and relationships: the “piping digram” if you will.

    Security POLICY states the goal. That is, what flows we want in the pipes.

    There may be many PROCEDUREs but each should be justified by pointing to the policies it supports.

    Then we can talk about how the procedures are mechanized by TOOLs.

  • Tilly

    Can you explain the difference between framework and model

  • http://www.cigitial.com/~gem gem

    Hi Tilly,

    The Framework is very much like a grid in Archeology. Think of it as conceptual stakes and string defining “squares” where we discover (or observe) activities. You can read about the Framework and why we built it here: http://www.informit.com/articles/article.aspx?p=1271382

    The Model is the actual observed data. You should read the BSIMM itself for that which you can find here: http://bsi-mm.com/

    The BSIMM itself is infinitely more important than the Framework.

    Hope that helps.

    gem

Recent Posts

Categories

Recent Comments

Download Our Media Kit