Beyond ISO 27034 - Intel's Product Security Maturity Model (PSIMM)

Every software development company needs a solid product security program. Just because they are compliant with the ISO 27034: Application Security standard doesn't mean they are doing it well. Compliance vs. Security. Hiring outside vendors and consultants to measure the maturity of their program is costly.

Intel Security's Product Security Group has developed a simple yet powerful maturity model that measures how well the software security program is being run and how well engineering is implementing security. We use it daily as we build security into each Intel product.

Harold Toomey, Software Security Architect at Intel

Software Security Architect with extensive experience in information security technologies, enterprise product management, software development, and electrical & computer engineering. I spent my first 10 years coding enterprise security software solutions, my next 11 years interfacing with customers and telling engineers what to build, and two years using software solutions in an IT operational environment. I now do Product Security, ensuring that our own source code is free of vulnerabilities and writing security bulletins when issues are discovered externally.
