Black Duck
blackduck.com › glossary › what-is-bsimm.html
What Is the BSIMM and How Does It Work? | Black Duck
March 12, 2026 - The BSIMM is a software security framework used to categorize activities to assess security initiatives. The framework consists of 12 practices organized into four domains:
Secureframe
secureframe.com › home › frameworks glossary › building security in maturity model (bsimm) | secureframe
Building Security In Maturity Model (BSIMM) | Secureframe
BSIMM is structured around 12 practices that span the software security domain. These practices, in turn, consist of multiple activities.
Codific
codific.com › home › appsec › bsimm (building security in maturity model): a complete guide
BSIMM (Building Security In Maturity Model): A Complete Guide - Codific
September 2, 2025 - The Building Security In Maturity Model (BSIMM) operates as an observational framework designed to evaluate and improve an organization’s software security initiatives. At its core, BSIMM defines a Software Security Framework (SSF) of 12 practices across four domains.
Synopsys
synopsys.com › content › dam › bsimm › reports › bsimm13-foundations.pdf pdf
1 BSIMM FOUNDATIONS REPORT – VERSION 13 FOUNDATIONS REPORT 2022
September 19, 2022 - Practice. A grouping of BSIMM activities. The SSF is · organized into 12 practices, three in each of four domains.
Black Duck
blackduck.com › resources › analyst-reports › bsimm.html
BSIMM16 Software Security Assessment Report | Black Duck
February 13, 2026 - BSIMM’s strength lies in its extensive real-world dataset and comparative benchmarking capabilities. With 128 activities across 12 practices and four domains, BSIMM enables you to see precisely where you stand relative to industry peers, understand which practices are most commonly adopted, and identify emerging trends in software security.
Black Duck
blackduck.com › content › dam › black-duck › en-us › reports › bsimm-report.pdf pdf
bsimm-report.pdf
Figure 2. THE BSIMM SKELETON. Within the SSF, the 128 activities are organized into 12 BSIMM practices, which are held within four domains.
Medium
armerding.medium.com › get-to-know-the-bsimm-a-crowd-sourced-guidebook-for-your-journey-to-better-software-security-bcd8bc7d43e0
Get to know BSIMM — a crowd-sourced guidebook for your journey to better software security | by Taylor Armerding | Medium
January 14, 2025 - The structure, or so-called “skeleton” of the report contains 128 security activities organized under 12 practices that are in turn grouped under four domains. As noted, the report doesn’t dictate which of those activities your organization should implement to improve its software security. But if everybody in your industry sector is doing something that yields good results, that’s a strong indication that you ought to be doing it too. The eight industry verticals covered by BSIMM15 are the cloud, financial services, financial technology, healthcare, independent software vendors, insurance, Internet of Things (IoT), and technology.
Securityonscreen
securityonscreen.com › home › synopsys publishes bsimm12 study
Synopsys publishes BSIMM12 study - Security On Screen by The Security Industry Group
September 30, 2021 - Synopsys has published the BSIMM12, the latest version of the Building Security In Maturity Model (BSIMM) report, created to help organisations plan, execute, measure, and improve their software security initiatives. BSIMM12 reflects the software security practices observed across 128 firms ...
Apiiro
apiiro.com › glossary › bsimm
What Is BSIMM? Core Activities & Maturity Model Explained
Secure everything coding agents build, use, and ship - prevent risk before code exists, AutoFix the backlog, and protect the coding agents and supply chain.
SEI
resources.sei.cmu.edu › asset_files › Podcast › 2016_016_100_450816.pdf pdf
Copyright 2016 by Carnegie Mellon University
the first time healthcare organizations have been part of the BSIMM data set, can you talk · about the significance of that and possibly why compliance regulations like HIPAA haven't ... Gary McGraw: Sure. Regulation and compliance is very tricky. And it's important to talk about. And in fact, one of the practices, one of the 12 practices in the BSIMM, is about compliance
Software Engineering Institute
sei.cmu.edu › documents › 5032 › 2016_016_100_450816.pdf pdf
Building Security In Maturity Model (BSIMM)
the first time healthcare organizations have been part of the BSIMM data set, can you talk · about the significance of that and possibly why compliance regulations like HIPAA haven't ... Gary McGraw: Sure. Regulation and compliance is very tricky. And it's important to talk about. And in fact, one of the practices, one of the 12 practices in the BSIMM, is about compliance