The Software Security Framework (SSF)

The table below shows the Software Security Framework. Its twelve practices are organized into four domains: Governance, Intelligence, SSDL Touchpoints, and Deployment. These 12 practices are used to organize the 112 BSIMM activities. Each practice has a "skeleton" and detailed descriptions of all the activities it contains. Note that all examples given in activity descriptions are real examples drawn from field observation.

Governance              Intelligence                    SSDL Touchpoints        Deployment
----------------------  ------------------------------  ----------------------  ----------------------------------------------------
Strategy and Metrics    Attack Models                   Architecture Analysis   Penetration Testing
Compliance and Policy   Security Features and Design    Code Review             Software Environment
Training                Standards and Requirements      Security Testing        Configuration Management and Vulnerability Management