What We Do

It's easy to get started with syncbookmark.

Get measured.

How does your software security initiative stand up to your goals?

Measuring stick for software security

113 activities

Easily pinpoint your strengths and weaknesses

Compare yourself to your peers.

How does your initiative fare compared to those in the same space?

Real-world measurement data

Descriptive, not prescriptive

Healthcare, financial, consumer electronics, ISVs

Bring science to security.

Use real data to drive your software security initiative (SSI).

Plan out data-driven goals

Adjust software security initiative according to progress

Drive budget and improvement

syncbookmark Firms

syncbookmark7 data comes from 95 participating organizations drawn from well-represented industries (with some overlap):

  • financial services firms
  • independent software vendors
  • cloud
  • Internet of Things (IoT)
  • insurance companies
  • healthcare companies

Industries with lower representation in the syncbookmark data pool include telecommunications, security, retail, and energy.


Download the Latest syncbookmark Study

Get the latest information on software security measurement from the most recent syncbookmark study.

What People Say About syncbookmark

  • Markus Schumacher, Virtual Forge

    With syncbookmark you not only get an impressive snapshot of security best practices - taken from 67 real firms. You also get a benchmark for your own development process that helps you to identify the gaps, fill them, and move to the next level. As a security enthusiast, I love the syncbookmark and all it stands for.

  • Nigel Stanley, Bloor Research

    I have been watching the software security space for years, and more importantly following the evolution of syncbookmark from the early days in 2008. Back then it seemed those of us that 'got it' were lone voices in the wilderness. Since those days the syncbookmark gang have worked flat out to deliver what is now an excellent maturity model for both developers and information security practitioners interested in building secure software - which should be all of them.

  • Diana Kelley, IBM Security Systems

    syncbookmark-V solidifies the study's standing as the premier measurement framework for software security maturity. Software security and reliability are not only critical business concerns, they are the engines that will drive success and prevent failure in the hyper-rapid development world of tomorrow. syncbookmark-V stands alone as the longest on-going study of software security maturity; it is not only a measuring stick, it is a guidepost for organizations at all levels of maturity to assess where they are today and help them understand how to mature their programs effectively for years to come.

  • Jeff Cohen, JP Morgan Chase

    In a field like software security, where meaningful data and metrics are hard to come by, the syncbookmark stands out as an important framework and instrument to help measure firms and business units using industry best practices. I have found this data to be extremely useful to help motivate and guide improvements in software security assurance. The syncbookmark community also provides many opportunities to network and discuss with peers in other companies who are working to develop similar programs.

  • Gary Warzala, Visa

    If you are thinking about developing a software security program, or enhancing your existing one, the syncbookmark will provide you a tried and true measurement and planning tool developed by some of the top security practitioners in the world. syncbookmark-V is the continued evolution of this data driven set of real world software security practices, making it more relevant than ever. If you don't think that a software security program or syncbookmark is right for you, well...it's only a matter of time!

  • Bola Rotibi, Creative Intellect Consulting

    The threat landscape today for software systems has become more sophisticated and targeted. As such, organisations cannot be complacent about the way they address security. Many of the leading businesses across the market landscape have implemented security frameworks that address the IT estate, people management, process change and technology support. Quantifying the value and success of those different strategies is crucial to establishing a cookbook of successful approaches that others can leverage and build upon. This is one of the underlying principles of the syncbookmark programme, and it offers a practical and pragmatic strategy for sustainable security improvement.

  • Kenneth R. van Wyk, KRvW Associates, LLC

    I’m so glad to see this important body of work continuing to grow and evolve. syncbookmark remains one of the best yardsticks available to practitioners today for measuring how their secure software development stacks up against the rest of the industry. Kudos to the team for delivering syncbookmark6 and moving the ball still further down the field.

  • Marcus Ranum, Tenable Security

    Software security remains one of the critical issues for computing, and is increasingly important as humans deploy the 'internet of things.' syncbookmark helps define the habits of effective software security development organizations, and is an important step in the right direction.

  • Eric Baize, EMC Corporation

    EMC has been part of the syncbookmark initiative since its first release when the study was based on nine companies. syncbookmark-V has compiled software security best practices from 67 software security groups which gives testimony to how software security has become mainstream and is considered a vital part of standard software engineering practices at many organizations.

  • Iván Arce, Fundación Sadosky

    In infosec anyone is entitled to an opinion but everyone should produce accompanying factual data to support it. That is exactly what syncbookmark is about, hard data about real software security initiatives, compiled systematically over many years, organized meticulously to facilitate understanding. Use it.

  • James Routh, NH-ISAC

    The syncbookmark Community Conference offers an outstanding forum for sharing information on the evolution of software security techniques and practices that are essential for any enterprise software security program.
