This document discusses evaluating source code security. It begins by establishing goals around understanding basic security concepts, collaborative security, and iterative improvements. It then discusses threats to source code like theft, exposure of vulnerabilities or trade secrets. The document outlines establishing goals and teams to improve source code security through defining policies, standards, procedures and assessments. It discusses understanding the current environment through scoping, diagrams, data classification and tools. The document summarizes EMC's analysis of security capabilities in common source code repositories and observes that most systems can be made secure through configuration and add-ons.