a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost
open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization