- BSIMM-V does a number on secure software dev, SearchSecurity.com (October 29, 2013)
- BSIMM4 measures and advances secure application development, SearchSecurity.com (May 10, 2013)
- Proactive defense prudent alternative to cyberwarfare, SearchSecurity.com (November 1, 2012)
- BSIMM study expands scope, identifies new software security activities, SearchSecurity.com (September 17, 2012)
- Data supports need for security awareness training despite naysayers, SearchSecurity.com (September 4, 2012)
- vBSIMM Take Two (BSIMM for Vendors Revised), InformIT (January 26, 2012)
- BSIMM versus SAFECode and Other Kaiju Cinema, InformIT (December 26, 2011)
- Third-Party Software and Security, InformIT (November 30, 2011)
- BSIMM3, InformIT (September 27, 2011)
- Software Security Zombies, InformIT (July 21, 2011)
- vBSIMM (BSIMM for Vendors), InformIT (April 12, 2011)
- Software Security in Practice, IEEE Security & Privacy (March/April 2011)
- Real-World Software Security, Dr. Dobbs (August 6, 2010); see also: InformationWeek.
- BSIMM2: Measuring the Emergence of a Software Security Community, InformIT (May 12, 2010)
- What Works in Software Security, InformIT (February 26, 2010)
- Cargo Cult Computer Security, InformIT (January 28, 2010)
- You Really Need a Software Security Group, InformIT (December 21, 2009)
- BSIMM Europe, InformIT (November 10, 2009)
- BSIMM Begin, InformIT (September 24, 2009)
- Measuring Software Security, InformIT (June 18, 2009)
- The Building Security In Maturity Model (BSIMM), Confessions of a Software Security Alchemist, InformIT (March 16, 2009)
- A Software Security Framework: Working Towards a Realistic Maturity Model, InformIT (October 15, 2008)
BSIMM-V Activities - October 2013
Included here are all BSIMM-V activities in spreadsheet format to allow ease of use.
BSIMM-V Scorecard - October 2013
Included here is the BSIMM-V Earth (67) scorecard in spreadsheet format.
Building Security In Maturity Model presentation - January 2014
This is the standard slide deck we are using for BSIMM presentations. Versions of this talk have been delivered all over the world to many audiences, including the DHS Software Assurance Meetings, FS-ISAC, Cylab, several OWASP conferences, RSA, secappdev and multiple others.