Genetec elected to have a BSIMM assessment performed to help identify areas of potential growth and gain a clear picture of its software security stance. The Building Security In Maturity Model (BSIMM) from Synopsys offers security executives a model and framework to test, measure, and benchmark their current AppSec activities. Based on the security programs of 130 organizations in many verticals, including financial services, independent software vendors, healthcare, and consumer electronics, BSIMM data offers a unique perspective on the state of AppSec and provides insight into the key activities, practices, and tools executives should consider implementing in their own organization.
Genetec began work with the BSIMM in December 2016 and has conducted two assessments in the past five years.
Mathieu’s decision to perform a BSIMM assessment on his organization’s fledgling security program provided crucial third-party insights. Use of BSIMM data helped with his plan “to find low-hanging fruit, build momentum, and use this to drive changes.” Though he had a gut feeling of what needed to be done, Mathieu used the data provided by the BSIMM to assess “where they were, work on improving the situation, and then measure again.” After looking for the best way to approach this effort quantitatively, Mathieu found that BSIMM would fill that need.
Use of a trusted third party lent credibility and support to his efforts, provided key guidance, and also validated his decisions and the direction for the program.