The BSIMMsc has now seen nearly eight years of use in real-world scenarios. Organizations use it primarily to separate vendors into three groups:
This white paper shows how the BSIMMsc leverages attestation and automation to function as a foundational security control for software supply chain risk management. If the BSIMM is a yardstick for an enterprise’s software security initiative, the BSIMMsc is a six-inch ruler focused on a specific risk management concern.