🌐
Black Duck
blackduck.com › glossary › what-is-bsimm.html
What Is the BSIMM and How Does It Work? | Black Duck
March 12, 2026 - The BSIMM is a software security framework used to categorize activities to assess security initiatives. The framework consists of 12 practices organized into four domains:
🌐
Secureframe
secureframe.com › home › frameworks glossary › building security in maturity model (bsimm) | secureframe
Building Security In Maturity Model (BSIMM) | Secureframe
BSIMM is structured around 12 practices that span the software security domain. These practices, in turn, consist of multiple activities.
🌐
Codific
codific.com › home › appsec › bsimm (building security in maturity model): a complete guide
BSIMM (Building Security In Maturity Model): A Complete Guide - Codific
September 2, 2025 - The Building Security In Maturity Model (BSIMM) operates as an observational framework designed to evaluate and improve an organization’s software security initiatives. At its core, BSIMM defines a Software Security Framework (SSF) of 12 practices across four domains.
🌐
Sf2framework
sf2framework.com › 07-relationships › bsimm
BSIMM - Software Factory Security Framework (SF²)
BSIMM describes 128 security activities that organizations perform, organized into 12 practices across 4 domains (as of BSIMM16, 2026).
🌐
Synopsys
synopsys.com › content › dam › bsimm › reports › bsimm13-foundations.pdf pdf
1 BSIMM FOUNDATIONS REPORT – VERSION 13 FOUNDATIONS REPORT 2022
September 19, 2022 - Practice. A grouping of BSIMM activities. The SSF is · organized into 12 practices, three in each of four domains.
🌐
Black Duck
blackduck.com › blog › bsimm-software-security-activities.html
Top 5 BSIMM Software Security Activities for Trustworthy Software | Black Duck Blog
October 6, 2021 - Those activities are grouped into 12 practices that are, in turn, grouped into 4 domains: governance, intelligence, secure software development life cycle (SSDL) touchpoints, and deployment.
🌐
Black Duck
blackduck.com › resources › analyst-reports › bsimm.html
BSIMM16 Software Security Assessment Report | Black Duck
February 13, 2026 - BSIMM’s strength lies in its extensive real-world dataset and comparative benchmarking capabilities. With 128 activities across 12 practices and four domains, BSIMM enables you to see precisely where you stand relative to industry peers, understand which practices are most commonly adopted, and identify emerging trends in software security.
🌐
Konfirmity
konfirmity.com › home › glossary › bsimm framework: how it supports data protection standards (2026)
BSIMM Framework: How it supports data protection standards (2026) | Konfirmity
December 12, 2025 - The framework evolves as participating ... Touchpoints, and Deployment. The framework is organized into 12 practices, three in each of four domains....
🌐
Checkmarx
checkmarx.com › blog › understanding-the-development-best-practices-landscape-for-modern-secure-application-development
Understanding the Development Best Practices Landscape for Modern Secure Application Development - Checkmarx.com
November 22, 2025 - BSIMM collects information from around 128 firms spanning several business categories. The core of the BSIMM framework consists of 122 tasks divided into 12 practices that are organized into four domains:
🌐
Black Duck
blackduck.com › content › dam › black-duck › en-us › reports › bsimm-report.pdf pdf
bsimm-report.pdf
Figure 2. THE BSIMM SKELETON. Within the SSF, the 128 activities are organized into 12 BSIMM practices, which are held within four domains.
Find elsewhere
🌐
Security Boulevard
securityboulevard.com › home › security bloggers network › bsimm: top five software security activities that create a better software security initiative
BSIMM: Top five software security activities that create a better software security initiative - Security Boulevard
October 7, 2021 - Those activities are grouped into 12 practices that are, in turn, grouped into 4 domains: governance, intelligence, secure software development life cycle (SSDL) touchpoints, and deployment.
🌐
Software Engineering Institute
sei.cmu.edu › library › build-security-in-maturity-model-bsimm-practices-from-seventy-eight-organizations
Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations | CMU Software Engineering Institute
February 3, 2016 - The best way to use the BSIMM is to compare and contrast your own initiative with the data about what other organizations are doing as described in the model. You can then identify goals and objectives and refer to the BSIMM to determine which ...
🌐
Medium
armerding.medium.com › bsimm14-your-crowd-sourced-guidebook-to-better-software-security-fd02c1e58e08
BSIMM14: Crowd-sourced guidebook to better software security | by Taylor Armerding | Medium
December 11, 2023 - The BSIMM14 “skeleton” contains 126 activities organized under 12 practices that are in turn grouped under four domains. And the report doesn’t dictate exactly which activities your organization should implement to improve its software ...
🌐
Medium
armerding.medium.com › get-to-know-the-bsimm-a-crowd-sourced-guidebook-for-your-journey-to-better-software-security-bcd8bc7d43e0
Get to know BSIMM — a crowd-sourced guidebook for your journey to better software security | by Taylor Armerding | Medium
January 14, 2025 - The structure, or so-called “skeleton” of the report contains 128 security activities organized under 12 practices that are in turn grouped under four domains. As noted, the report doesn’t dictate which of those activities your organization should implement to improve its software security. But if everybody in your industry sector is doing something that yields good results, that’s a strong indication that you ought to be doing it too. The eight industry verticals covered by BSIMM15 are the cloud, financial services, financial technology, healthcare, independent software vendors, insurance, Internet of Things (IoT), and technology.
🌐
MICROWIRE.news APAC
microwire.info › bsimm12-helps-organizations-look-to-the-best-practices-in-adopting-mature-devops-and-cybersecurity
BSIMM12 helps organizations look to the best practices in adopting mature DevOps and Cybersecurity – MICROWIRE.news APAC
BSIMM12 summarizes the software security practices of 128 companies across a wide range of sectors, including the financial services, independent software vendors, cloud, healthcare, and Internet of Things.
Published   February 16, 2023
🌐
Securityonscreen
securityonscreen.com › home › synopsys publishes bsimm12 study
Synopsys publishes BSIMM12 study - Security On Screen by The Security Industry Group
September 30, 2021 - Synopsys has published the BSIMM12, the latest version of the Building Security In Maturity Model (BSIMM) report, created to help organisations plan, execute, measure, and improve their software security initiatives. BSIMM12 reflects the software security practices observed across 128 firms ...
🌐
Apiiro
apiiro.com › glossary › bsimm
What Is BSIMM? Core Activities & Maturity Model Explained
Secure everything coding agents build, use, and ship - prevent risk before code exists, AutoFix the backlog, and protect the coding agents and supply chain.
🌐
SEI
resources.sei.cmu.edu › asset_files › Podcast › 2016_016_100_450816.pdf pdf
Copyright 2016 by Carnegie Mellon University
the first time healthcare organizations have been part of the BSIMM data set, can you talk · about the significance of that and possibly why compliance regulations like HIPAA haven't ... Gary McGraw: Sure. Regulation and compliance is very tricky. And it's important to talk about. And in fact, one of the practices, one of the 12 practices in the BSIMM, is about compliance
🌐
Software Engineering Institute
sei.cmu.edu › documents › 5032 › 2016_016_100_450816.pdf pdf
Building Security In Maturity Model (BSIMM)
the first time healthcare organizations have been part of the BSIMM data set, can you talk · about the significance of that and possibly why compliance regulations like HIPAA haven't ... Gary McGraw: Sure. Regulation and compliance is very tricky. And it's important to talk about. And in fact, one of the practices, one of the 12 practices in the BSIMM, is about compliance