Software Integrity Blog


[Infographic] BSIMM10 by the numbers

How many BSIMM participants have a software security group? How many think it’s key to their success? How many people are in the average SSG? Get the facts.

Quick facts about BSIMM10

For 11 years, we’ve studied dozens of firms of different sizes and in different verticals to measure the software security activities they use in real life. We publish the results as the Building Security In Maturity Model (BSIMM), which describes the common areas many organizations share and the variations that make them unique.

BSIMM participants are the core of the BSIMM project. Our model is driven entirely by data about what firms are doing, without speculation as to what they should be doing. Without our participants, we’d have no data, and thus no model.

So who are BSIMM participants? How many people are in their software security groups? What activities do they perform? How well do they do? For participants who have had multiple BSIMM assessments across the years, how much have they improved? BSIMM10 is available now and has all the answers. For a summary, take a look at the infographic below (PDF version).

Download the BSIMM participants infographic

Facts about BSIMM participants

Number of years BSIMM has been around (started in 2008) 11 10
Total number of BSIMM participants, all time 185 167
Number of software security activities measured by BSIMM 119 116
Average point increase seen in the raw scores of the firms re-measured 11.1 10
Percent of BSIMM participants that incorporate the 12 core activities into their SSI 63 62
Percent of participants that have an SSI and agree that it’s key to the success of their initiative 100 100
Average ratio of SSG members to developers 1:73 1:75
Average number of people in an SSG 13.1 13.3
Average number of people in a satellite 110 117
Percent of the top-scoring BSIMM participants that have a satellite 86 90
Percent of the 10 lowest-scoring firms that have a satellite 0 0

Download the BSIMM



More by this author