Over the past decade, we’ve studied dozens of security activities performed by real-life firms. Take a look at some key facts from this year’s BSIMM report.
Over the past ten years, we’ve studied dozens of security activities performed by real-life firms to measure the software security practices used in organizations of different sizes, in different verticals, and at different levels of maturity. Quantifying these practices in the Building Security In Maturity Model (BSIMM) allows us to describe the common areas shared by many organizations, as well as the variations that make each unique. The BSIMM isn’t a how-to guide or a one-size-fits-all prescription. It’s a reflection of real software security initiatives taking place around the world. Take a look at the infographic below to see some key facts about this year’s report, BSIMM9.
BSIMM9 by the numbers
10: Number of years BSIMM has been around (started in 2008)
167: Total number of firms studied by BSIMM
116: Number of software security activities measured by BSIMM
10: Average point increase seen in the raw scores of the 42 firms re-measured
62: Percent of BSIMM participants that incorporate BSIMM’s 12 core activities into their SSI
100: Percent of BSIMM participants that have an SSI and agree that it’s key to the success of their initiative
1:75: Average ratio of SSG members to developers
13.3: Average number of people in an SSG
117: Average number of people in a satellite
90: Percent of the 10 highest-scoring firms that have a satellite
0: Percent of the 10 lowest-scoring firms that have a satellite