Cigital’s BSIMM6 model added healthcare to its verticals and was slightly adjusted, but its data pile continues to grow, which is what will help firms become secure.

With BSIMM6, Cigital now covers 78 firms, helping them fix and prevent vulnerabilities in their applications. Some of these companies include Adobe, Aetna, Cisco, EMC, JPMorgan Chase, LinkedIn, Nokia, PayPal, TomTom, Vanguard, VMware and Zephyr Health.

Cigital’s hope for the future is to scale to all developers and use BSIMM6 to find out what people are doing for software security. One of its main challenges is getting software developers to learn and take advantage of the facts, something McGraw hoped would change in the future through developers using Cigital’s model.

“The good news is we know what to do; we just need to do it,” he said.