Building Security In Maturity Model (BSIMM) - Practices from Seventy Eight Organizations. Part 1: Target Audience, Structure, Addition of Healthcare Vertical
Abstract:
So, you can learn about the BSIMM on the BSIMM website. It's bsimm.com. The BSIMM is a measurement tool for software security initiatives. That is, when an organization that has lots of developers is trying to figure out how to change their culture in order to build more secure software, the BSIMM is extremely helpful along those lines. We started the BSIMM project about 8 years ago, and we started by gathering data from 9 firms. Now, with the 6th iteration of the model, BSIMM6, we've actually described the work of 78 firms. We've measured a whole lot more firms than that, but we pay very close attention to data freshness and data correctness. So, some firms that we've measured are no longer part of the project. The 78 firms build lots and lots of software and, in fact, have 287,000 developers. So, describing the work of a whole lot of people, not just a few. Let me just list what some of those companies are among the 78. And I'm going to do this quick in alphabetical order.