Secure Coding mailing list archives
Comparing a firm's BSIMM measurement against a benchmark
From: Iván Arce <ivan.w.arce () gmail com>
Date: Fri, 19 Apr 2013 19:56:26 -0300
Hello
I've updated the BSIMM visualizations I posted about yesterday.
Here are two sample visualizations to compare a firm's measurement
against a benchmark ("Earth").
The first one uses the size of the boxes to indicate how prevalent the
activity is (percentage of firms where the activity was observed) and
color to indicate that the activity was observed at the firm.
http://www-958.ibm.com/v/298285
In the second treemap I used color to encode the difference in magnitude
between "earth" and the firm's measurement. Box size still represents
percentage of firms where the activity was observed.
http://www-958.ibm.com/v/298286
Finally, this is the same treemap from yesterday reordered. It's useful
to show coverage per maturity level and practice. The original one is gone.
http://www-958.ibm.com/v/298287
If you do not want to let Java run in your browser to see these, you can
click on the "Full image" link at the bottom left which will bring up a
static PNG image.
-ivan
