John Wyatt
Abstract:

BSIMM2 – The Building Security in Maturity Model


Software security has made great progress over the last decade. The Building Security In Maturity Model (BSIMM, pronounced “bee simm”) is designed to help you understand, measure, and plan a software security initiative. Of the sixty large-scale software security initiatives we are aware of, thirty—all household names—are currently included in the BSIMM study. Those companies among the thirty who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty leading software security initiatives. The BSIMM can help you determine how your organization compares to other real-world software security initiatives and what steps can be taken to make your approach more effective. The most important use of the BSIMM is as a measuring stick to determine where your approach to software security currently stands relative to other firms.