Software Security Framework

Brian Chess and I just published an article on the Software Security Framework displayed below.

| Governance | Intelligence | SDL Touchpoints | Deployment |
|---|---|---|---|
| Strategy and Metrics | Attack Models | Architecture Analysis | Penetration Testing |
| Compliance and Policy | Security Features and Design | Code Review | Software Environment |
| Training | Standards and Requirements | Security Testing | Configuration Management and Vulnerability Management |

Our plan is to use this framework to build a maturity model for software security by interviewing executives running many of the top ten large-scale software security initiatives. Please check out the article, and stay tuned for more.

