BSIMM11 Observes the Cutting Edge of Software Security Initiatives
If you want to improve the security of your software (and you should), then you need the Building Security In Maturity Model (BSIMM), an annual report on the evolution of software security initiatives.
The BSIMM examines software security activities, or controls, on which organizations are actually spending time and money.
While in some organizations tracked in the BSIMM there is only a small, centralized software security group focused primarily on governance, in a growing number of cases engineering teams now perform many of the software security efforts, including CloudSec, ContainerSec, DeploymentSec, ConfigSec, SecTools, OpsSec, and so on.
Few organizations so far have completely harmonized centralized governance software security efforts and engineering software security efforts into a cohesive, explainable, defensible risk management program.
Using the cloud effectively also means outsourcing to the cloud vendor at least parts of your security architecture, feature provisioning, and other software security practice areas that are traditionally done locally.
As the BSIMM notes, "Cloud providers are 100% responsible for providing security software for organizations to use, but the organizations are 100% responsible for software security."