The BSIMM is based on information from 104 enterprises, including 10 health care firms. Participating organizations include Adobe, Aetna, ANDA, The Advisory Board Company, Autodesk, Bank of America, Black Knight Financial Services, BMO Financial Group, Box, Capital One, Citigroup, Cisco, Comerica, Cryptography Research, Depository Trust and Clearing Corporation, Elavon, EMC, Epsilon, Experian, Fannie Mae, Fidelity, F-Secure, HP Fortify, HSBC, Intel Security, JPMorgan Chase, Lenovo, LinkedIn, Marks & Spencer, McKesson, NetApp, NetSuite, Neustar, Nokia, PayPal, Pearson Learning Technologies, Qualcomm, Rackspace, Salesforce, Siemens, Sony Mobile, Symantec, Home Depot, Trainline, TomTom, U.S. Bancorp, Vanguard, Visa, VMware, Wells Fargo, and Zephyr Health. This was also the first time consumer electronics companies that work with the Internet of things were included in the model.
“BSIMM continues to be the authoritative source of observed practices and activities from the most mature software security programs across industries,” said Jim Routh, the chairman of NH-ISAC.