Building Security In Maturity Model (BSIMM) - Practices from Seventy Eight Organizations. Part 1: Target Audience, Structure, Addition of Healthcare Vertical

Abstract

So, you can learn about the BSIMM on the BSIMM website. It's bsimm.com. The BSIMM is a measurement tool for software security initiatives. That is, when an organization that has lots of developers is trying to figure out how to change their culture in order to build more secure software, the BSIMM is extremely helpful along those lines. We started the BSIMM project about 8 years ago, and we started by gathering data from 9 firms. Now, with the 6th iteration of the model, BSIMM6, we've actually described the work of 78 firms. We've measured a whole lot more firms than that, but we pay very close attention to data freshness and data correctness. So, some firms that we've measured are no longer part of the project. The 78 firms build lots and lots of software and, in fact, have 287,000 developers. So, describing the work of a whole lot of people, not just a few. Let me just list what some of those companies are among the 78. And I'm going to do this quick in alphabetical order.

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2021
Accession Number
AD1147155

Entities

People

  • Gary McGraw
  • Lisa Young

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Biomedical
  • Space

DTIC Thesaurus Topics

  • Artificial Satellites
  • Commerce
  • Communities
  • Consumers
  • Copyrights
  • Data Sets
  • Engineering
  • Executives
  • Internet Of Things
  • Measurement
  • Regulations
  • Risk Management
  • Robotics
  • Security
  • Side Effects
  • Software Development
  • Standards
  • Statistics
  • Training
  • Universities

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Educational Psychology
  • Government Contracting/Procurement.