The Building Security in Maturity Model V (BSIMM-V) is an industry-driven maturity model dedicated to software security, which specifies a set of activities designed to foster an improved security posture within the organization. This research explores the firm characteristics and approaches to information risk of the participating BSIMM-V firms, primarily through text mining techniques. The objective of this research is to determine if there are any significant associations or relationships between firm characteristics, the activities identified by the BSIMM �V model, and reported information security incidents.