The Software Assurance Maturity Model (SAMM) is an open framework that helps organizations devise and implement an application security strategy tailored to their specific needs and requirements. The resources provided by this model allow an organization to evaluate its existing security practices before building a balanced application security program with
The Building Security In Maturity Model (BSIMM) is a software security measurement framework that helps organizations gauge their software security efforts against a maturity model built from data gathered from real-world software security initiatives. What is inside the BSIMM? It describes 112 activities organized into 12 practices according to a software
MISRA C is a software development standard for the C programming language developed by MISRA. Its aims are to facilitate code safety, portability and reliability in the context of embedded systems, specifically those programmed in ISO C. A companion set of guidelines, MISRA C++, exists for the C++ language. Additional Reading: Motor
HIPAA defines how electronic healthcare and administrative transactions must be handled by health plans, healthcare providers and other covered entities. This American legislation was signed by Bill Clinton in 1996 and has five main sections (titles) covering the various aspects that must be addressed for full compliance. Additional Reading:
The PCI DSS consists of a set of requirements that help create a secure environment for all companies that process, store or transmit credit card data. It was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express. It is now widely regarded as the cornerstone of application security in the financial sector. Additional
The CWE/SANS Top 25 list is a widely recognized AppSec benchmark. Each weakness listed is linked directly to its CWE entry, which gives an in-depth view of the weakness data (remediation cost, code samples, attack frequency, etc.) with a single click, something that can directly assist your remediation efforts.
The Open Web Application Security Project (OWASP) is a non-profit, open appsec community whose goal is to increase application security awareness. OWASP is the source of the industry-standard OWASP Top 10. More and more companies across industrial sectors are adopting this list, which consistently captures today's most critical web application security risks. OWASP Top 10 2013 and OWASP Mobile Top 10