The Building Security In Maturity Model (BSIMM) was released in March 2009 under a Creative Commons license. Since March, the BSIMM has evolved and expanded in several ways. Most importantly, the BSIMM study has added data for seventeen companies to the original nine, bringing the study total to twenty-six.
You can read the article of Gary McGraw (author of Software Security: Building Security In, CTO Cigital) here.
Take a look at the last presentation of Gabriele Giuseppini regarding BSIMM at the last
OWASP Day IV
Minded Security translates the BSIMM document in italian. You can download it