What we do

It's easy to get started with the BSIMM.

Get measured

How does your software security initiative stand up to your goals?

Compare your SSI to that of other firms in your industry

How does your initiative fare compared to others in the same space?

Bring science to security

Use real data to drive your software security initiative.

BSIMM firms

BSIMM10 data comes from 122 participating organizations mostly in these well-represented industries (with some overlap):

  • financial services,
  • independent software vendors,
  • technology,
  • healthcare,
  • the cloud,
  • the Internet of Things (IoT), and
  • insurance.

Industries with lower representation in the BSIMM data pool include telecommunications, security, retail, and energy.

Independent Software Vendor
Internet of Things

What people say about the BSIMM

Since 2008, the BSIMM has served as an effective tool for understanding how organizations of all shapes and sizes, including some of the most advanced security teams in the world, are executing their software security strategies. The current BSIMM data reflect how many organizations are adapting their approaches to address the new dynamics of modern development and deployment practices, such as shorter release cycles, increased use of automation, and software-defined infrastructure.

Jim Routh | Head of enterprise information risk management at MassMutual

Download the latest BSIMM study

Get the latest information on software security measurement from the most recent BSIMM study.

BSIMM10 report download