Membership

WHY JOIN THE BSIMM?

Open public standard for software security activities

A measuring stick to determine where your software security initiative stands

Descriptive, not prescriptive, results

A large data pool against which to compare your own initiative

A comprehensive list of activities found in dozens of software security initiatives

An active BSIMM Community to engage with year-round, including at the annual conference

WHO ARE BSIMM MEMBERS?

BSIMM9 firms

The 120 participating organizations are drawn from eight well-represented verticals (with some overlap): financial services, independent software vendors, technology, healthcare, cloud, Internet of Things, insurance, and retail.

Verticals with lower representation in the BSIMM population include telecommunications, security, and energy. Those companies who graciously agreed to be identified include the following:

HOW DO I GET INVOLVED?

The most important use of the BSIMM is as a measuring stick to determine where your approach currently stands relative to other firms. We’ll help you do this by noting which activities you already have in place and using “activity coverage” to determine level and build a scorecard. We also provide a chart that compares your own maturity high-water mark to the averages we have published. This enables you to see clearly how your initiative stacks up against your peers'.

If you’re interested in participating in the BSIMM study, your data will need to be collected carefully in an intensive, in-person interview process.

Let's talk

Already a member? Log in to the community.

The BSIMM is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives.

Useful Links

About BSIMM

Privacy & Legal

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 License