Products

Market-leading tools and services
to meet your software security challenges head-on

BSIMM

BSIMM (pronounced “bee-simm”) stands for the Building Security In Maturity Model. Built upon observed best practices, the BSIMM is a descriptive model that details the specific activities organizations can engage in to improve and mature their software security posture. Originally developed with data from 9 core firms, BSIMM has grown to include data from over 40 industry-leading firms. BSIMM is a robust measurement and planning tool that gives clients a clear picture of software security in their firm. Equally important, BSIMM is a yardstick that can help an organization compare its own practices to those of its peers. The model provides information on the state of the industry, your performance relative to security benchmarks, and guidance on what works.

Use BSIMM to:

  • Assess the current state of your software security initiative.
  • Apply scientific data to identify and prioritize change.
  • Determine how best to allocate resources for maximum impact.

BSIMM was developed with data from more than 42 companies, including:

  • Adobe
  • Aon
  • Bank of America
  • Capital One
  • DTCC
  • EMC
  • Fannie Mae
  • Fidelity
  • Google
  • Intel
  • Intuit
  • Mashery
  • McKesson
  • Microsoft
  • Nokia
  • QUALCOMM
  • Sallie Mae
  • SAP
  • Scripps Networks Interactive
  • Sony Ericsson
  • Standard Life
  • SWIFT
  • Symantec
  • Telecom Italia
  • Thomson Reuters
  • VISA
  • VMware
  • Wells Fargo
  • Zynga

BSIMM is provided free of charge under a Creative Commons license. We invite you to explore the model and use the data as you evaluate and plan your security initiatives.