Open public standard for software security activities
A measuring stick to determine where your software security initiative stands
Descriptive, not prescriptive, results
A large data pool against which to compare your own initiative
A comprehensive list of activities found in dozens of software security initiatives
An active BSIMM Community to engage with year-round, including at the annual conference
The most important use of the BSIMM is as a measuring stick to determine where your approach currently stands relative to other firms. We’ll help you do this by noting which activities you already have in place and using “activity coverage” to determine your level and build a scorecard. We also provide a chart that compares your own maturity high-water mark to the averages we have published. This enables you to see clearly how your initiative stacks up against your peers'.
If you’re interested in participating in the BSIMM study, your data will need to be collected carefully in an intensive, in-person interview process.