What we do

It's easy to get started with the BSIMM.

Get measured

How does your software security initiative stand up to your goals?

Compare your SSI to that of other firms in your industry

How does your initiative fare compared to others in the same space?

Bring science to security

Use real data to drive your software security initiative.

BSIMM firms

BSIMM11 data comes from 130 participating organizations, mostly from these well-represented industries:

  • Financial services
  • FinTech
  • Independent software vendors
  • Technology
  • Retail
  • Healthcare
  • Cloud
  • Internet of Things (IoT)
  • Insurance

Industries with lower representation in the BSIMM data pool include telecommunications, security, retail, and energy.

Independent software vendor
Internet of Things

What people say about the BSIMM

"Since 2008, the BSIMM has served as an effective tool for understanding how organizations of all shapes and sizes, including some of the most advanced security teams in the world, are executing their software security strategies. The current BSIMM data reflects how many organizations are adapting their approaches to address the new dynamics of modern development and deployment practices, such as shorter release cycles, increased use of automation, and software-defined infrastructure."

Jim Routh | Head of enterprise information risk management at MassMutual

Download the latest BSIMM study

Get the latest information on software security measurement from the most recent BSIMM study.

BSIMM report download