Membership

WHY JOIN THE BSIMM?

Evaluate your software security initiative using an open public standard for software security activities

Measure how your SSI efforts stack up against others also trying to secure their software portfolios

Communicate your software security posture to your customers, partners, and regulators, with independent assessment data to back it up

Navigate the evolution of your SSI

See a comprehensive list of activities found in dozens of software security initiatives

WHO ARE BSIMM MEMBERS?

BSIMM firms

The participating organizations primarily represent eight verticals (with some overlap): financial services, independent software vendors, technology, healthcare, cloud, Internet of Things, insurance, and retail.

Verticals with lower representation in the BSIMM population include telecommunications, security, and energy. These companies graciously agreed to be identified:

HOW DO I GET INVOLVED?

The most important use of the BSIMM is as a measuring stick to determine where your approach currently stands relative to other firms. We’ll help you do this by noting which activities you already have in place and using “activity coverage” to determine levels and build a scorecard. We also provide a chart that compares your maturity high-water mark to the averages we’ve published, showing you clearly how your initiative stacks up against others also trying to secure their software portfolios.

If you’re interested in participating in the BSIMM study, we’ll need to collect your data carefully in an intensive, in-person interview process.

Let’s talk

The BSIMM is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives.

Useful Links

About BSIMM

About BSIMM

Privacy & Legal

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License