The Building Security in Maturity Model (BSIMM) is a set of best security practices developed by analyzing what different companies have tried and found effective. It began in September 2009, when founders Gary McGraw and Sammy Migues of Cigital and Brian Chess of Fortify went public with the results of nine software security initiatives. Its latest annual report, this past September, included 51 initiatives and 111 specific activities, about 30 common to more than two thirds of the participants. The model has reached a critical mass, meaning it can provide a credible guide to improve security even for those not members.”]
Source: https://www.csoonline.com/article/2132713/bsimm-s-gift–the-12-security-days-of-christmas.html