Evaluate your software security initiative using an open public standard for software security activities
Measure how your SSI efforts stack up against others also trying to secure their software portfolios
Communicate your software security posture to your customers, partners, and regulators, with independent assessment data to back it up
Navigate the evolution of your SSI
See a comprehensive list of activities found in dozens of software security initiatives
The participating organizations primarily represent eight verticals (with some overlap): financial services, independent software vendors, technology, healthcare, cloud, Internet of Things, insurance, and retail.
Verticals with lower representation in the BSIMM population include telecommunications, security, and energy. These companies graciously agreed to be identified:
The most important use of the BSIMM is as a measuring stick to determine where your approach currently stands relative to other firms. We’ll help you do this by noting which activities you already have in place and using “activity coverage” to determine levels and build a scorecard. We also provide a chart that compares your maturity high-water mark to the averages we’ve published, showing you clearly how your initiative stacks up against others also trying to secure their software portfolios.
If you’re interested in participating in the BSIMM study, we’ll need to collect your data carefully in an intensive, in-person interview process.