What we do

It's easy to get started with the BSIMM.

Get measured

How does your software security initiative stand up to your goals?

Compare yourself to your peers

How does your initiative fare compared to others in the same space?

Bring science to security

Use real data to drive your software security initiative.

BSIMM firms

BSIMM9 data comes from 120 participating organizations mostly in these well-represented industries (with some overlap):

  • financial services,
  • independent software vendors,
  • technology,
  • healthcare,
  • the cloud,
  • the Internet of Things (IoT), and
  • insurance.

Industries with lower representation in the BSIMM data pool include telecommunications, security, retail, and energy.

Independent Software Vendor
Internet of Things

What people say about the BSIMM

With BSIMM you not only get an impressive snapshot of security best practices—taken from 67 real firms. You also get a benchmark for your own development process that helps you to identify the gaps, fill them, and move to the next level. As a security enthusiast, I love the BSIMM and all it stands for.

Markus Schumacher  |  Virtual Forge 

Download the latest BSIMM study

Get the latest information on software security measurement from the most recent BSIMM study.

BSIMM Download