Fatima is a security consultant assessing an organization's software development practices. She recommends adopting the Building Security In Maturity Model (BSIMM) to enhance application security. Which of the following BEST describes how BSIMM helps improve security in software development?