Here we explain a bit about maturity models, look at how they've been used for cyber security, and explain why the NCSC is no longer supporting the IA Maturity Model (IAMM) introduced in 2008.
In this post I propose that the software development community should work on developing and then standardising security-related libraries that focus on what the developer is trying to achieve.