Payment Card Industry (PCI) Security Standards Council: The PCI Security Standards Council is a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.
Australian Signals Directorate, Department of Defence: ASD provides information security advice and services mainly to Australian federal and state government agencies. ASD also works closely with industry to develop and deploy secure cryptographic products.
Build Security In Maturity Model: BSIMM quantifies the activities carried out by real software security initiatives in order to help the wider software security community plan, carry out and measure initiatives of their own.
Center for Internet Security: The Center for Internet Security is dedicated to enhancing the cybersecurity readiness and response among public and private sector entities.
Cyber Security & Information Systems Information Analysis Center (CSIAC): The CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology.
DHS Build Security In: The Department of Homeland Security’s Software Assurance Program seeks to reduce software vulnerabilities, minimize exploitation, and address ways to improve the routine development and deployment of trustworthy software products.
DHS Cybersecurity: The DHS leads the federal government's work to secure civilian government computer systems, and works with industry and state, local, tribal and territorial governments to secure critical infrastructure and information systems.
EDUCAUSE Library: The mission of EDUCAUSE is to advance higher education through the use of information technology.
European Union Agency for Network and Information Security: Since it was set up in 2004, ENISA has actively contributed to a high level of network and information security (NIS) within the Union, to the development of a culture of NIS in society, and to raising awareness of NIS, thus contributing to the proper functioning of the internal market.
Mitre Common Vulnerabilities and Exposures (CVE): The CVE standardizes the names for all publicly known vulnerabilities and security exposures. The site is hosted by the Mitre Corporation.
NIST Computer Security Research Center (NIST CSRC): The CSRC guides users to NIST resources on computer, cyber, and information security and privacy.
National Security Agency (NSA) Information Assurance Directorate (IAD): NSA’s Information Assurance Directorate (IAD) provides customers with a wealth of knowledge and support for establishing and improving their information assurance and cybersecurity for networks and systems. The IAD.Gov website acts as a home for publicly available resources and guidance offered by IAD.
Open Software Assurance Maturity Model (OpenSAMM): Since the initial release of SAMM, this project has become part of the Open Web Application Security Project (OWASP).
SAFECode.org: SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services.
SANS Institute Online: The SANS (System Administration, Networking, and Security) Institute is a cooperative research and education organization.
Software Engineering Institute Computer Emergency Response Team (SEI CERT): The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, at the Software Engineering Institute, a federally funded R&D center operated by Carnegie Mellon University.
US Computer Emergency Readiness Team (US-CERT) Publications: US-CERT accepts, triages, and collaboratively responds to incidents; provides technical assistance to information system operators; and disseminates timely notifications regarding current and potential security threats and vulnerabilities.