Here (also embedded below) is a mapping of several BSIMM activities, translated into a questionnaire that can easily be filled in by developers, technical architects, business owners and security champions (called satellites in BSIMM).
Note that not all activities are there. Some only made sense for the SSG (Software Security Group) to answer, and I already knew the answer for others.
This is still a work in progress, and I'm not happy with the wording of some of the questions. But it is good enough to give it a try and get feedback.
The objective is to create metrics about multiple development teams, so that a set of targets can be set (and an action plan created).
I am currently in the brain dump stage of development, where I'm adding the content I want to talk about (in a kinda-structured way). The idea is to expand the bullet points into text and normalise the content in logical areas (some topics already have a first pass at expanding the ideas into final text).