The document discusses seven truths for improving software security, drawn from data gathered through the Building Security In Maturity Model (BSIMM). The seven truths are: security initiatives commonly start with straightforward activities and gain altitude in stages; organizations move at their own speed along the maturity curve; leadership from a senior executive and a dedicated software security group is essential; security testing tools alone are not enough, and experts are needed to use them well; broad support from other teams helps reduce risk; strategies need to change as conditions change; and each organization can choose the tactics that fit its needs after assessing its own maturity. A BSIMM assessment compares an organization's initiative to those of its peers in order to identify strengths, gaps, and strategies tailored to it.