Although there are growing numbers of standards offering guidance on security issues, few provide an adequate measure of the security measures themselves. Security Maturity Models enable communities to evaluate their current status from the very start of the development lifecycle, supporting the "shift left" paradigm. They provide a framework for a programme to improve security posture, and provide a framework for them to design a programme to improve their security posture, and are sufficiently adaptable to be applicable to both embedded and enterprise computing alike.