Codific
codific.com › home › appsec › bsimm (building security in maturity model): a complete guide
BSIMM (Building Security In Maturity Model): A Complete Guide - Codific
September 2, 2025 - Some notable examples of companies that use BSIMM include Lenovo, Bank of America and Johnson & Johnson. The framework is particularly popular among large enterprises with mature software development lifecycles (SDLCs) that require tailored ...
Videos
01:13
Building Security In Maturity Model or BSIMM from Black Duck | ...
07:59
What is BSIMM? Building Security In Maturity Model Explained - YouTube
46:27
OWASP SAMM vs BSIMM: Which Maturity Model Reigns Supreme? - YouTube
55:51
CSIAC Webinars - The Building Security In Maturity Model (BSIMM) ...
51:28
The Building Security In Maturity Model BSIMM - YouTube
OpenSAMM vs. BSIMM - Software Security Maturity Models | A robust ...
Black Duck
blackduck.com › glossary › what-is-bsimm.html
What Is the BSIMM and How Does It Work? | Black Duck
March 12, 2026 - The Building Security In Maturity Model (better known as the BSIMM) is a descriptive model that provides a baseline of observed activities for software security initiatives.
OWASP SAMM
owaspsamm.org › blog › 2020 › 10 › 29 › comparing-bsimm-and-samm
Comparing BSIMM & SAMM
October 29, 2020 - We like to say we visited a neighborhood to see what was happening and observed that “there are robot vacuum cleaners in X of the Y houses we visited.” Note that the BSIMM does not say, “all houses must have robot vacuum cleaners,” “robots ...
Grcmana
grcmana.io › resources › frameworks › bsimm
BSIMM | GRCMana
January 5, 2025 - Alright, let's get into the nitty-gritty of what BSIMM really is. Picture it as a map. A map that guides companies on how to build secure software. It's not just any map, though. It's crafted from real-world data. Data collected from companies that are already doing a great job at keeping their software safe.
Konfirmity
konfirmity.com › home › glossary › bsimm framework: how it supports data protection standards (2026)
BSIMM Framework: How it supports data protection standards (2026) | Konfirmity
December 12, 2025 - Unlike compliance frameworks that prescribe specific controls, BSIMM documents what organizations actually do to achieve software security maturity—making it particularly valuable for vendors who need to demonstrate credible security practices to enterprise clients while meeting data protection obligations under frameworks like ISO 27001, SOC 2, and GDPR.
Jaatun
jaatun.no › papers › 2017 › bsimm4research.pdf pdf
Chapter 1 (actually chapter 7 in the book) The Building Security in
A concrete example of this · could be an organisation that develops and runs a service that runs in the cloud. In this case, activity SE2.4 “Use code signing” does not make sense, since the · source or binaries are never transferred out of the organisation’s cloud.
Owasp
wiki.owasp.org › images › b › bd › Bsimm09.pdf pdf
Software Confidence. Achieved. October 2009 Building Security In
Software Confidence. Achieved · Building Security In
Software Engineering Institute
sei.cmu.edu › documents › 5032 › 2016_016_100_450816.pdf pdf
Building Security In Maturity Model (BSIMM)
We have added a few activities. I gave you an example of bug bounties. We've actually added · that into the model. And we track that directly because we saw it begin to emerge. And so, the · BSIMM, as a description of the space, really does adjust to describe the real world out there.
USENIX
usenix.org › conference › usenixsecurity09 › technical-sessions › presentation › building-security-maturity-model-bsimm
The Building Security in Maturity Model (BSIMM) | USENIX
In 2008 the speakers, with Sammy Migues, interviewed executives running nine initiatives, using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo. The resulting data, drawn from real programs at different levels of maturity, was used to guide the construction of the Building Security in Maturity Model. This talk will describe the maturity model, drawing examples from many real software security programs.
Synopsys
synopsys.com › content › dam › bsimm › reports › bsimm13-foundations.pdf pdf
1 BSIMM FOUNDATIONS REPORT – VERSION 13 FOUNDATIONS REPORT 2022
September 19, 2022 - into a software security framework (SSF), represented in Figure 7. The SSF is organized into four domains—Governance, Intelligence, SSDL Touchpoints, and Deployment—with those domains currently · embracing 125 activities. The Governance domain, for example, includes activities that fall under the organization, management, and ... BSIMM terminology.
GrammaTech
grammatech.com › home › what the building in security maturity model (bsimm) says about the role of sast and sca
What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA | GrammaTech
April 25, 2024 - The BSIMM11 report provides interesting insights into the state-of-the-art security practices in place in the software industry. It also outlines a framework, based on observing companies at each stage of maturity, for organization to follow who are looking to mature their practices.
Socket
socket.dev › glossary › building-security-in-maturity-model-bsimm
Glossary: Building Security In Maturity Model (BSIMM) - Sock...
The Building Security In Maturity Model (BSIMM) is a framework and benchmarking tool designed to assist organizations in understanding and improving their software security initiatives. Rather than providing a checklist or a one-size-fits-all solution, BSIMM acts as a mirror, reflecting the software security practices adopted by leading organizations.
DTIC
apps.dtic.mil › sti › trecms › pdf › AD1147155.pdf pdf
Building Security In Maturity Model (BSIMM) - DTIC
We have added a few activities. I gave you an example of bug bounties. We've actually added · that into the model. And we track that directly because we saw it begin to emerge. And so, the · BSIMM, as a description of the space, really does adjust to describe the real world out there.
Williamlien
williamlien.com › home › blog › my journey with the bsimm framework: lessons learned and success
My Journey with the BSIMM Framework: Lessons Learned and Success - My Security & AI Blog
February 13, 2024 - The Building Security In Maturity Model (BSIMM) is a powerful tool that organizations can use to assess the maturity of their software security initiatives. It's not just a theoretical model—it's based on the real-world practices of top companies. I was fortunate enough to be involved in leading our company's BSIMM assessments in 2021 and 2022.
Apothecaryshed
apothecaryshed.com › wp-content › uploads › 2025 › 09 › bsimm.pdf pdf
Building Security In Maturity Model
is captured and described in BSIMM. As an organizing feature, we introduce and use a Software Security Framework