Justice League Blog

Announcing BSIMM3

We announced BSIMM in March 2009 and BSIMM2 in May 2010. It’s now time for BSIMM3. Long live the BSIMM.

Since the first BSIMM interview in October 2008, we’ve progressed from nine to 30 to 42 firms (and more, at this point). We’ve also measured 11 firms twice—about 19 months between measurements on average—and that has provided the BSIMM community with some unique insight on how software security initiatives change over time. Assessing 42 individual firms and performing 11 re-assessments required 81 sets of interviews in just a shade less than three years.

For my money, that’s not bad for a backyard project.

Of the 42 firms in the data pool, 27 have graciously allowed us to name them as BSIMM participants. They are: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Fannie Mae, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, SAP, Scripps Networks Interactive, Sony Ericsson, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Visa, VMware, Wells Fargo, and Zynga. To these and the other 15 firms, thank you very much for participating. You are directly responsible for advancing the cause of software security.

The BSIMM3 document is freely available under a Creative Commons license. You can get it from http://bsimm.com. Go ahead; it’s a good read. Even if you’re down the road with your software security initiative, you can get a glimpse into the actual software security activities conducted by your peers and competitors. If you’ve yet to get started, BSIMM will give you some great ideas.

As always, we are looking for more people who are interested in participating in the BSIMM study. We’d love to hear from you.

–Sammy.
