Abstract

Around the turn of the 21st century, practices began to emerge to guide teams toward engineering software to stop attackers and users from utilizing unintended functionality by violating the system designer’s assumptions to cause a security breach. Yet, breaches are reported daily in the news in all domains—from the casual to the critical. The goal of this article is to help software engineers, software engineering educators, and security researchers understand opportunities for education and research through an analysis of current software security practices. The analysis is conducted on data on the use of a subset of 113 software security practices by 109 firms over 42 months, as reported in the Building Security In Maturity Model (BSIMM) Version 8 report. This article is part of a theme issue on software engineering’s 50th anniversary.
