Gary McGraw bases his formulations on BSIMM4 (The Building Security In Maturity Model). This software security framework is divided into twelve areas:

| Governance | Intelligence | SSDL Touchpoints | Deployment |
| --- | --- | --- | --- |
| Strategy and Metrics | Attack Models | Architecture Analysis | Penetration Testing |
| Compliance and Policy | Security Features and Design | Code Review | Software Environment |
| Training | Standards and Requirements | Security Testing | Configuration Management and Vulnerability Management |