The annual Building Security in Maturity Model (BSIMM) aims to give enterprises a yardstick for measuring their security posture. The fifth iteration of the model is now out and adds just a single new practice to what last year’s BSIMM advocated.
Jacob West, CTO for enterprise security products at Hewlett-Packard, is a co-author of the 2013 BSIMM and explained to eWEEK that the new 2013 model includes 112 best-practice activities for security. The single new activity added this year is a recommendation for organizations to have a bug-bounty program. These bug-bounty programs encourage security researchers to responsibly disclose software vulnerabilities, and in return, vendors provide rewards