A prescriptive open source software security maturity model designed to guide strategies tailored to an organization’s specific risks.