Date: 2025-02-21

The BSIMM is descriptive rather than prescriptive. That is, the BSIMM is not a how-to guide, nor is it a one-size-fits-all prescription for security. Instead, it is a reflection of software security that can:



Provide an objective view of your current software security initiative (SSI).

Give you insight into how your SSI compares to the SSIs of other BSIMM participants in your industry.

Show year-over-year SSI progress through consecutive BSIMMs.



The Black Duck Maturity Action Plan (MAP) is available for organizations that want to turn the information obtained from the BSIMM into a prescriptive plan. If you don’t have a software security initiative in place, the BSIMM can help your organization develop an SSI, allowing you to answer these questions, among others:

What software security activities do other organizations in your vertical perform?

What activities should your software security initiative focus on now and in the future?

How many people do you need in your software security group?

If you already have a software security initiative running, you can use the BSIMM to learn where you stand against your peers and enhance your software security program.