Re: 30 Different CMMs out there, including Security...

Joachim Feise (
Thu, 09 Apr 1998 21:12:23 -0700

Rohit Khare wrote:
> So it's enlightening to hear that per our brainstorm last fall, there *is* a
> System Security Engineering CMM. I'm looking forward to hearing about it in
> this talk.
> The meta-CMM, the maturity model maturity model, also seems worth a look-see.
> Rohit

Did you ever take a look at the Capability Im-Maturity Model

The Capability Maturity Model (CMM) provides a framework to guide and measure
software engineering improvement efforts by enabling organizations to assess
their software engineering capabilities at one of the five levels of software
process maturity. In the CMM, the higher the level your organization is assessed
at the better (in theory) your organization is at consistently producing
software that fulfills specifications, is on time and is under budget. This
tongue-in-cheek article extends the existing five levels downward by describing
additional levels of process maturity (or im-maturity). Each of the new lower
levels has a characteristic behavior associated with it that defines the level
(Negligent, Obstructive, Contemptuous, Undermining). It is my hope that this
article will help us recognize these aberrant behaviors within ourselves and our