The Building Security in Maturity Model (BSIMM) has been there each year to track how organizations are making progress. BSIMM11, released last week by Synopsys, is based on software security practices in place at 130 different firms across numerous industries. The practices were measured by the model’s proprietary yardstick, which lumps 121 different software security metrics into four major domains: governance, intelligence, secure software development lifecycle (SSDL) touchpoints, and deployment.
Source: https://www.darkreading.com/application-security/12-bare-minimum-benchmarks-for-appsec-initiatives

