Why do I need a software security group?

In many organizations, security leaders are balancing network, software, endpoint, and even physical security as part of their responsibilities. They must balance budget and resources across all areas. Most don't have specific expertise in the evolving requirements of software security—nor are they expected to.

A software security group, or SSG—an assigned group with full-time responsibility—identifies software security as a specific area of cyber risk, managed by a team that understands the unique challenges of acquiring, creating, deploying, and managing secure software.

Having an SSG is a clear indicator of software security maturity, according to the Building Security In Maturity Model (BSIMM). All BSIMM participants that implement the most advanced risk management activities have an SSG.

A well-functioning software security group can lower the cost of a cyber attack. Companies that employ expert security staff can reduce cyber crime costs by an average of $1.5 million. Those that appoint a high-level security leader reduce costs by an average of $1.3 million.