Today we saw an updated release of the "Building Security In Maturity Model" (BSIMM) study, which significantly expands the data defining benchmarks for successfully developing and growing an enterprise-wide software security initiative.
Launched in March 2009, BSIMM is the industry's first and only structured set of best practices for software security based on real-world data rather than philosophy and theory. The latest release, BSIMM2, triples the size of the original study from nine organisations to 30, across a range of seven overlapping verticals, including financial services (12), independent software vendors (7), technology firms (7), healthcare (2), insurance (2), energy (2) and media (2). BSIMM2 now reports the collective expertise of 635 people in firms with 130 years of collective experience.
This is really cool work and moves the game forward in terms of software security. Check out this link for more information.