Black Duck
blackduck.com › blog › bsimm-trends-and-recommendations.html
BSIMM15: New focus on securing AI and the software supply chain | Black Duck Blog
January 14, 2025 - The latest “Building Security in Maturity Model” (BSIMM) report, now in its 15th iteration, reveals how participating organizations are securing AI and other emerging technologies, as well as prioritizing efforts to secure the software supply ...
Codific
codific.com › home › appsec › bsimm (building security in maturity model): a complete guide
BSIMM (Building Security In Maturity Model): A Complete Guide - Codific
September 2, 2025 - The latest edition of the Building Security In Maturity Model, BSIMM 15, builds on the same foundation of twelve practices across four domains.
What are the primary components of the BSIMM that contribute to building a robust Software Security Initiative (SSI)?
The primary components of the BSIMM that contribute to building a robust Software Security Initiative (SSI) include its organization into four domains: Governance, Intelligence, SSDL Touchpoints, and Deployment, each containing specific practices and activities . Key activities within these domains involve implementing governance strategies and security checkpoints, creating and enforcing policies, using security champions, and building a security-focused culture . The BSIMM framework is descriptive, capturing real-world software security efforts across organizations, providing a shared vocabu
scribd.com
scribd.com › document › 847709659 › Bsimm-15-Report
Bsimm 15 Report
What are the key changes introduced in BSIMM15, and why are they significant for modern software security efforts?
Key changes introduced in BSIMM15 include increased focus on the integration of security into modern software development practices, like CI/CD, and adapting governance to support agile development with automated security checkpoints and telemetry . There's also a heightened emphasis on building strong vendor management relationships to ensure vendors adhere to mature software security practices, such as including security SLAs in contracts, which has seen substantial growth . BSIMM15 also stresses creating SBOMs and adopting application composition analysis to improve supply chain security .
scribd.com
scribd.com › document › 847709659 › Bsimm-15-Report
Bsimm 15 Report
How do the BSIMM's observational methods provide value to organizations compared to prescriptive security frameworks?
The BSIMM's observational methods provide value by capturing and reflecting real-world software security practices across diverse organizations, supplying a data-driven model that assists organizations in benchmarking and evolving their security programs without enforcing specific practices. This approach contrasts with prescriptive security frameworks that mandate a set of best practices. By offering a common vocabulary and methodology, the BSIMM helps organizations compare their security efforts with others and identify opportunities for strategic improvements and tailored implementations th
scribd.com
scribd.com › document › 847709659 › Bsimm-15-Report
Bsimm 15 Report
ReversingLabs
reversinglabs.com › blog › bsimm15-sbom-ai-security-modern-tooling
BSIMM15 shines light on compliance and AI security | ReversingLabs
Participants in the latest report, BSIMM15, included more than 120 companies — among them AARP, Aetna, Bank of America, Diebold Nixdorf, Eli Lilly, Fidelity, Honeywell, Johnson & Johnson, Lenovo, MassMutual, Navy Federal Credit Union, SonicWall, Synchrony Financial, TD Ameritrade, Vanguard, and ZoomInfo — as well as 11,100 security professionals who collectively help 270,000 developers working on 96,000 applications.
Black Duck
blackduck.com › content › dam › black-duck › en-us › reports › bsimm-report.pdf pdf
bsimm-report.pdf
NORMALIZED BSIMM ACTIVITY COUNTS................... 13 ... SOLVING THE DOCUMENTATION PROBLEM................ 14 · SOFTWARE SECURITY TRAINING IS EVOLVING.......... 14 · TOPICS WE’RE WATCHING .......................................... 15
Medium
armerding.medium.com › get-to-know-the-bsimm-a-crowd-sourced-guidebook-for-your-journey-to-better-software-security-bcd8bc7d43e0
Get to know BSIMM — a crowd-sourced guidebook for your journey to better software security | by Taylor Armerding | Medium
January 14, 2025 - Indeed, BSIMM, the subject of an annual report by software security company Black Duck now in its 15th iteration, is an example of that cliché about many hands making light work. In this case, it’s many brains (thousands) involved in software security initiatives (SSIs) that help to generate a guidebook on what works, or doesn’t, to build more-secure software.
Codific
sammy.codific.com › browse › bsimm-15 › governance › strategy-and-metrics
Strategy and Metrics from BSIMM 15 framework | SAMMY
Explore Strategy and Metrics from BSIMM 15 with our comprehensive tool for managing compliance and maturity programs. Learn how BSIMM 15 can help you achieve application security and cybersecurity resilience
Black Duck
blackduck.com › content › dam › black-duck › en-us › datasheets › bsimm-datasheet.pdf pdf
blackduck.com | 1 BUILDING SECURITY IN MATURITY MODEL (BSIMM)
This scorecard shows how often we observed each of the BSIMM15 activities in the data pool of 121 firms.
Codific
sammy.codific.com › browse › bsimm-15 › deployment › software-environment
Software Environment from BSIMM 15 framework | SAMMY
Explore Software Environment from BSIMM 15 with our comprehensive tool for managing compliance and maturity programs. Learn how BSIMM 15 can help you achieve application security and cybersecurity resilience
Security Boulevard
securityboulevard.com › home › security bloggers network › bsimm15 highlights compliance and ai security: why modern tooling is key
BSIMM15 highlights compliance and AI security: Why modern tooling is key - Security Boulevard
January 23, 2025 - An increase in compliance activities such as the creation of software bills of materials (SBOMs), performing software composition analysis (SCA) scans on code repositories, and securing the attack surface created by artificial intelligence (AI) applications are among the key software security trends highlighted in the latest edition of the Building Security in Maturity Model (BSIMM) report.
Codific
sammy.codific.com › browse › bsimm-15 › intelligence › security-features-and-design
Security Features and Design from BSIMM 15 framework | SAMMY
Explore Security Features and Design from BSIMM 15 with our comprehensive tool for managing compliance and maturity programs. Learn how BSIMM 15 can help you achieve application security and cybersecurity resilience