Building Security: Software Assurance Maturity Model Report (Assessment)

Exclusively available on Available only on IvyPanda® Made by Human No AI

Introduction

BSIMM (Building Security in Maturity Model) and OpenSAMM (Software Assurance Maturity Model) are the two frameworks that are designed to protect certain software and are used predominately by companies or other organizations. It is essential to differentiate the given models and understand their primary functions to implement them appropriately in various situations. The following paper is intended to discuss and determine how the adoption of either BSIMM or OpenSAMM might improve an organization’s overall security posture.

OpenSAMM

It is necessary to state that there is no unique model for every company. Nevertheless, OpenSAMM is designed to assist organizations of various sizes (from small to large) as its system is flexible and gives customers an opportunity to implement it at any level of development (Merkow & Raghavan, 2010). The primary resources offered by OpenSAMM aim at the points listed below:

  • Evaluation of existing software security processes used by an organization (Chandra, 2008)
  • The building of properly balanced and optimized security assistance programs
  • Demonstrating significant improvements to the program of security assurance
  • The identification of an organization’s various activities is somehow related to software security.

OpenSAMM might contribute and improve an organization’s overall security posture by the fact that it can be implemented by an entire company, a separate business line, and even a minor individual project at the same moment (Chandra, 2008). Such activity gives workers the ability to perform their primary responsibilities without being concerned about the safety of their software or files. To obtain a better idea of the model’s philosophy, it would be proper to list the principles that were considered by people who contributed to its development, which are the following:

  • The behavior of any organization has a tendency to change over time. Therefore, SAMM is designed to maintain software security for an extended period in unpredictable conditions.
  • There is no design that would address the needs of every company (Mijnhardt, Baars, & Spruit, 2016). According to this statement, SAMM focuses on the flexibility of its services and gives users an opportunity to set their own standards or options.
  • Every security activity must remain simple to use. This factor is sometimes crucial as users might spend more time on setting the model, instead of making it useful for their projects from the first seconds of using it.

As it is mentioned above, OpenSAMM helps different organizations to build software security assurance programs. Usually, such companies already have particular experience in this area and strive to develop new security technologies (Jaatun, Cruzes, Bernsmed, Tøndel, & Røstad, 2015). There are several roadmaps available for the discussed purposes. Choosing from them, a company might prefer using the most appropriate systems and adjust them to their needs afterward.

BSIMM

Before discussing the system and implementation of the BSIMM model, it would be proper to state that it provides approximately one hundred and thirteen activities that any organization might apply in practice. By giving more opportunities and choices to use the same model, the developer company gains authority and ensures more convenient conditions to exploit the product (McGraw, Migues, West, & Chess, 2013). However, the adoption of BSIMM is supposed to improve the overall security posture of an organization that requires it by involving its architecture group. It appears that engaging SSG (software security group) with architecture groups is beneficial because the latter team is not only responsible for security. Instead, it is responsible for decent performance, scalability, and availability.

Moreover, BSIMM employees claim that their SSG is participating in the process of software designing and provides pointers to particular middleware frameworks or common secure-by-design libraries. It would be proper to mention that the BSIMM SSG is able to solve certain problems or difficulties at the first level of any project process (McGraw et al., 2013). Such a methodology implies the elimination of various errors in the further work and functioning of any system.

It is necessary to emphasize the fact that BSIMM created and set its security standards that allow employees and developers of the company to adjust their final products to their personal requirements, which improves the quality of the provided services (Park, 2015). Also, the organization uses secure coding standards to avoid different breakages in its system that must give its customers reliable security services. Nowadays, the company’s workers study the advantages of architecture analysis that might prevent high risks in the work of various applications in the future.

Conclusion

Both Building Security In Maturity Model (BSIMM) and Open Software Assurance Maturity Model (SAMM) is designed to help different organizations keep their data and important information secure from possible side interventions. Nevertheless, every system has its advantages and disadvantages. In turn, OpenSAMM focuses on collaboration with a wide range of companies. Therefore, they try to develop such services that are flexible and can be adjusted almost to any needs of their users. On the other hand, the main goal of BSIMM is creating a reliable and high-performance security model that can accomplish any task and mission required by the organization that uses its services and offers.

References

Chandra, P. (2008). Software assurance maturity model. Software Testing and Quality Assurance, 1(1), 546-580. Web.

Jaatun, M. G., Cruzes, D. S., Bernsmed, K., Tøndel, I. A., & Røstad, L. (2015). Software security maturity in public organisations. Lecture Notes in Computer Science Information Security, 1(1), 120-138. Web.

McGraw, G., Migues, S., West, J., & Chess, B. (2013). Building security in maturity model. Web.

Merkow, M. S., & Raghavan, L. (2010). Secure and resilient software development. Boca Raton, FL: CRC Press.

Mijnhardt, F., Baars, T., & Spruit, M. (2016). Organizational characteristics influencing SME information security maturity. Journal of Computer Information Systems, 56(2), 106-115. Web.

Park, J. (2015). Security design for information protection system using BSIMM. Journal of the Korea Institute of Information Security and Cryptology, 25(6), 1541-1547. Web.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2020, December 25). Building Security: Software Assurance Maturity Model. https://ivypanda.com/essays/building-security-software-assurance-maturity-model/

Work Cited

"Building Security: Software Assurance Maturity Model." IvyPanda, 25 Dec. 2020, ivypanda.com/essays/building-security-software-assurance-maturity-model/.

References

IvyPanda. (2020) 'Building Security: Software Assurance Maturity Model'. 25 December.

References

IvyPanda. 2020. "Building Security: Software Assurance Maturity Model." December 25, 2020. https://ivypanda.com/essays/building-security-software-assurance-maturity-model/.

1. IvyPanda. "Building Security: Software Assurance Maturity Model." December 25, 2020. https://ivypanda.com/essays/building-security-software-assurance-maturity-model/.


Bibliography


IvyPanda. "Building Security: Software Assurance Maturity Model." December 25, 2020. https://ivypanda.com/essays/building-security-software-assurance-maturity-model/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
Privacy Settings

IvyPanda uses cookies and similar technologies to enhance your experience, enabling functionalities such as:

  • Basic site functions
  • Ensuring secure, safe transactions
  • Secure account login
  • Remembering account, browser, and regional preferences
  • Remembering privacy and security settings
  • Analyzing site traffic and usage
  • Personalized search, content, and recommendations
  • Displaying relevant, targeted ads on and off IvyPanda

Please refer to IvyPanda's Cookies Policy and Privacy Policy for detailed information.

Required Cookies & Technologies
Always active

Certain technologies we use are essential for critical functions such as security and site integrity, account authentication, security and privacy preferences, internal site usage and maintenance data, and ensuring the site operates correctly for browsing and transactions.

Site Customization

Cookies and similar technologies are used to enhance your experience by:

  • Remembering general and regional preferences
  • Personalizing content, search, recommendations, and offers

Some functions, such as personalized recommendations, account preferences, or localization, may not work correctly without these technologies. For more details, please refer to IvyPanda's Cookies Policy.

Personalized Advertising

To enable personalized advertising (such as interest-based ads), we may share your data with our marketing and advertising partners using cookies and other technologies. These partners may have their own information collected about you. Turning off the personalized advertising setting won't stop you from seeing IvyPanda ads, but it may make the ads you see less relevant or more repetitive.

Personalized advertising may be considered a "sale" or "sharing" of the information under California and other state privacy laws, and you may have the right to opt out. Turning off personalized advertising allows you to exercise your right to opt out. Learn more in IvyPanda's Cookies Policy and Privacy Policy.

1 / 1