Abstract
Standards, models, frameworks and guidelines have been developed for secure software development such as Building Security In, SSE-CMM, Microsoft SDL, and OpenSAMM. Current standards and models provide guidance for particular areas such as threat modelling, risk management, secure coding, security testing, verification, patch management, configuration management etc. However, there is not a generally accepted model for a secure software development lifecycle. Building Security In provides an objective evaluation methodology to validate that a product satisfies a specified set of security requirements. In this paper Building Security In secure software development approach is examined and compared with other well-known standards and models.