How many BSIMM participants have a software security group? How many think it’s key to their success? How many people are in the average SSG? Get the facts.
For 11 years, we’ve studied dozens of firms of different sizes and in different verticals to measure the software security activities they use in real life. We publish the results as the Building Security In Maturity Model (BSIMM), which describes the common areas many organizations share and the variations that make them unique.
BSIMM participants are the core of the BSIMM project. Our model is driven entirely by data about what firms are doing, without speculation as to what they should be doing. Without our participants, we’d have no data, and thus no model.
So who are BSIMM participants? How many people are in their software security groups? What activities do they perform? How well do they do? For participants who have had multiple BSIMM assessments across the years, how much have they improved? BSIMM10 is available now and has all the answers. For a summary, take a look at the infographic below (PDF version).
| Statistic | BSIMM10 | BSIMM9 |
|---|---|---|
| Number of years BSIMM has been around (started in 2008) | 11 | 10 |
| Total number of BSIMM participants, all time | 185 | 167 |
| Number of software security activities measured by BSIMM | 119 | 116 |
| Average point increase seen in the raw scores of the firms re-measured | 11.1 | 10 |
| Percent of BSIMM participants that incorporate the 12 core activities into their SSI | 63 | 62 |
| Percent of participants that have an SSI and agree that it’s key to the success of their initiative | 100 | 100 |
| Average ratio of SSG members to developers | 1:73 | 1:75 |
| Average number of people in an SSG | 13.1 | 13.3 |
| Average number of people in a satellite | 110 | 117 |
| Percent of the top-scoring BSIMM participants that have a satellite | 86 | 90 |
| Percent of the 10 lowest-scoring firms that have a satellite | 0 | 0 |