Here (also embedded below) is a mapping of several BSIMM activities and translating them into a questionnaire that can be easily filled in by developers, technical architects, business owners and security champions (called satellites in BSIMM).
Note that not all activities are there. Some only made sense for SSG (Software Security Group) to answer, and I already knew the answer for others.
This is still a work in progress, and I'm not happy with the wording of some of the questions. But it is good enough to give a try and get feedback.
The objective is to create metrics about multiple development teams, so that a set of targets can be set (and an action plan created)