Home > Free Essays > Tech & Engineering > Computer Security > Building Security: Software Assurance Maturity Model
Cite this

Building Security: Software Assurance Maturity Model Report (Assessment)


Introduction

BSIMM (Building Security in Maturity Model) and OpenSAMM (Software Assurance Maturity Model) are the two frameworks that are designed to protect certain software and are used predominately by companies or other organizations. It is essential to differentiate the given models and understand their primary functions to implement them appropriately in various situations. The following paper is intended to discuss and determine how the adoption of either BSIMM or OpenSAMM might improve an organization’s overall security posture.

OpenSAMM

It is necessary to state that there is no unique model for every company. Nevertheless, OpenSAMM is designed to assist organizations of various sizes (from small to large) as its system is flexible and gives customers an opportunity to implement it at any level of development (Merkow & Raghavan, 2010). The primary resources offered by OpenSAMM aim at the points listed below:

  • Evaluation of existing software security processes used by an organization (Chandra, 2008)
  • The building of properly balanced and optimized security assistance programs
  • Demonstrating significant improvements to the program of security assurance
  • The identification of an organization’s various activities is somehow related to software security.

OpenSAMM might contribute and improve an organization’s overall security posture by the fact that it can be implemented by an entire company, a separate business line, and even a minor individual project at the same moment (Chandra, 2008). Such activity gives workers the ability to perform their primary responsibilities without being concerned about the safety of their software or files. To obtain a better idea of the model’s philosophy, it would be proper to list the principles that were considered by people who contributed to its development, which are the following:

  • The behavior of any organization has a tendency to change over time. Therefore, SAMM is designed to maintain software security for an extended period in unpredictable conditions.
  • There is no design that would address the needs of every company (Mijnhardt, Baars, & Spruit, 2016). According to this statement, SAMM focuses on the flexibility of its services and gives users an opportunity to set their own standards or options.
  • Every security activity must remain simple to use. This factor is sometimes crucial as users might spend more time on setting the model, instead of making it useful for their projects from the first seconds of using it.

As it is mentioned above, OpenSAMM helps different organizations to build software security assurance programs. Usually, such companies already have particular experience in this area and strive to develop new security technologies (Jaatun, Cruzes, Bernsmed, Tøndel, & Røstad, 2015). There are several roadmaps available for the discussed purposes. Choosing from them, a company might prefer using the most appropriate systems and adjust them to their needs afterward.

BSIMM

Before discussing the system and implementation of the BSIMM model, it would be proper to state that it provides approximately one hundred and thirteen activities that any organization might apply in practice. By giving more opportunities and choices to use the same model, the developer company gains authority and ensures more convenient conditions to exploit the product (McGraw, Migues, West, & Chess, 2013). However, the adoption of BSIMM is supposed to improve the overall security posture of an organization that requires it by involving its architecture group. It appears that engaging SSG (software security group) with architecture groups is beneficial because the latter team is not only responsible for security. Instead, it is responsible for decent performance, scalability, and availability.

Moreover, BSIMM employees claim that their SSG is participating in the process of software designing and provides pointers to particular middleware frameworks or common secure-by-design libraries. It would be proper to mention that the BSIMM SSG is able to solve certain problems or difficulties at the first level of any project process (McGraw et al., 2013). Such a methodology implies the elimination of various errors in the further work and functioning of any system.

It is necessary to emphasize the fact that BSIMM created and set its security standards that allow employees and developers of the company to adjust their final products to their personal requirements, which improves the quality of the provided services (Park, 2015). Also, the organization uses secure coding standards to avoid different breakages in its system that must give its customers reliable security services. Nowadays, the company’s workers study the advantages of architecture analysis that might prevent high risks in the work of various applications in the future.

Conclusion

Both Building Security In Maturity Model (BSIMM) and Open Software Assurance Maturity Model (SAMM) is designed to help different organizations keep their data and important information secure from possible side interventions. Nevertheless, every system has its advantages and disadvantages. In turn, OpenSAMM focuses on collaboration with a wide range of companies. Therefore, they try to develop such services that are flexible and can be adjusted almost to any needs of their users. On the other hand, the main goal of BSIMM is creating a reliable and high-performance security model that can accomplish any task and mission required by the organization that uses its services and offers.

References

Chandra, P. (2008). Software assurance maturity model. Software Testing and Quality Assurance, 1(1), 546-580. Web.

Jaatun, M. G., Cruzes, D. S., Bernsmed, K., Tøndel, I. A., & Røstad, L. (2015). Software security maturity in public organisations. Lecture Notes in Computer Science Information Security, 1(1), 120-138. Web.

McGraw, G., Migues, S., West, J., & Chess, B. (2013). Building security in maturity model. Web.

Merkow, M. S., & Raghavan, L. (2010). Secure and resilient software development. Boca Raton, FL: CRC Press.

Mijnhardt, F., Baars, T., & Spruit, M. (2016). Organizational characteristics influencing SME information security maturity. Journal of Computer Information Systems, 56(2), 106-115. Web.

Park, J. (2015). Security design for information protection system using BSIMM. Journal of the Korea Institute of Information Security and Cryptology, 25(6), 1541-1547. Web.

This assessment on Building Security: Software Assurance Maturity Model was written and submitted by your fellow student. You are free to use it for research and reference purposes in order to write your own paper; however, you must cite it accordingly.
Removal Request
If you are the copyright owner of this paper and no longer wish to have your work published on IvyPanda.
Request the removal

Need a custom Assessment sample written from scratch by
professional specifically for you?

Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar
Writer online avatar

certified writers online

GET WRITING HELP
Cite This paper

Select a referencing style:

Reference

IvyPanda. (2020, December 25). Building Security: Software Assurance Maturity Model. Retrieved from https://ivypanda.com/essays/building-security-software-assurance-maturity-model/

Work Cited

"Building Security: Software Assurance Maturity Model." IvyPanda, 25 Dec. 2020, ivypanda.com/essays/building-security-software-assurance-maturity-model/.

1. IvyPanda. "Building Security: Software Assurance Maturity Model." December 25, 2020. https://ivypanda.com/essays/building-security-software-assurance-maturity-model/.


Bibliography


IvyPanda. "Building Security: Software Assurance Maturity Model." December 25, 2020. https://ivypanda.com/essays/building-security-software-assurance-maturity-model/.

References

IvyPanda. 2020. "Building Security: Software Assurance Maturity Model." December 25, 2020. https://ivypanda.com/essays/building-security-software-assurance-maturity-model/.

References

IvyPanda. (2020) 'Building Security: Software Assurance Maturity Model'. 25 December.

More related papers
Pss... Stuck with your
assignment? 😱
Support
Online
Pss... Stuck with your assignment? 😱
Do you need an essay to be done?
What type of assignment 📝 do you need?
How many pages (words) do you need?
What’s your deadline? ⏰ Let's see if we can help you!