🌐
Black Duck
blackduck.com › blog › bsimm-trends-and-recommendations.html
BSIMM15: New focus on securing AI and the software supply chain | Black Duck Blog
January 14, 2025 - The latest “Building Security in Maturity Model” (BSIMM) report, now in its 15th iteration, reveals how participating organizations are securing AI and other emerging technologies, as well as prioritizing efforts to secure the software supply ...
🌐
Codific
codific.com › home › appsec › bsimm (building security in maturity model): a complete guide
BSIMM (Building Security In Maturity Model): A Complete Guide - Codific
September 2, 2025 - The latest edition of the Building Security In Maturity Model, BSIMM 15, builds on the same foundation of twelve practices across four domains.
🌐
PR Newswire
prnewswire.com › news-releases › black-ducks-bsimm15-report-highlights-how-companies-are-tackling-security-risk-in-ai-and-software-supply-chains-302349399.html
Black Duck's BSIMM15 Report Highlights How Companies Are Tackling Security Risk in AI and Software Supply Chains
January 14, 2025 - BSIMM15 analyzes the software security practices of 121 organizations, including some of the most advanced companies worldwide across industries like cloud computing, financial services, fintech, healthcare, IoT, and technology.
People also ask

What are the primary components of the BSIMM that contribute to building a robust Software Security Initiative (SSI)?
The primary components of the BSIMM that contribute to building a robust Software Security Initiative (SSI) include its organization into four domains: Governance, Intelligence, SSDL Touchpoints, and Deployment, each containing specific practices and activities . Key activities within these domains involve implementing governance strategies and security checkpoints, creating and enforcing policies, using security champions, and building a security-focused culture . The BSIMM framework is descriptive, capturing real-world software security efforts across organizations, providing a shared vocabu
🌐
scribd.com
scribd.com › document › 847709659 › Bsimm-15-Report
Bsimm 15 Report
What are the key changes introduced in BSIMM15, and why are they significant for modern software security efforts?
Key changes introduced in BSIMM15 include increased focus on the integration of security into modern software development practices, like CI/CD, and adapting governance to support agile development with automated security checkpoints and telemetry . There's also a heightened emphasis on building strong vendor management relationships to ensure vendors adhere to mature software security practices, such as including security SLAs in contracts, which has seen substantial growth . BSIMM15 also stresses creating SBOMs and adopting application composition analysis to improve supply chain security .
🌐
scribd.com
scribd.com › document › 847709659 › Bsimm-15-Report
Bsimm 15 Report
How do the BSIMM's observational methods provide value to organizations compared to prescriptive security frameworks?
The BSIMM's observational methods provide value by capturing and reflecting real-world software security practices across diverse organizations, supplying a data-driven model that assists organizations in benchmarking and evolving their security programs without enforcing specific practices. This approach contrasts with prescriptive security frameworks that mandate a set of best practices. By offering a common vocabulary and methodology, the BSIMM helps organizations compare their security efforts with others and identify opportunities for strategic improvements and tailored implementations th
🌐
scribd.com
scribd.com › document › 847709659 › Bsimm-15-Report
Bsimm 15 Report
🌐
Scribd
scribd.com › document › 847709659 › Bsimm-15-Report
Bsimm 15 Report
The BSIMM15 report provides insights into the evolution and current state of software security initiatives (SSIs) across 121 organizations, highlighting key activities and trends in software security practices.
🌐
ReversingLabs
reversinglabs.com › blog › bsimm15-sbom-ai-security-modern-tooling
BSIMM15 shines light on compliance and AI security | ReversingLabs
Participants in the latest report, BSIMM15, included more than 120 companies — among them AARP, Aetna, Bank of America, Diebold Nixdorf, Eli Lilly, Fidelity, Honeywell, Johnson & Johnson, Lenovo, MassMutual, Navy Federal Credit Union, SonicWall, Synchrony Financial, TD Ameritrade, Vanguard, and ZoomInfo — as well as 11,100 security professionals who collectively help 270,000 developers working on 96,000 applications.
🌐
CIO Influence
cioinfluence.com › home › security › black duck’s bsimm15 report highlights how companies are tackling security risk in ai and software supply chains
Black Duck's BSIMM15 Report Highlights How Companies Are Tackling Security Risk in AI and Software Supply Chains
January 14, 2025 - Black Duck Software, Inc. (“Black Duck”), a leading provider of application security solutions, today released BSIMM15, the latest edition of its annual Building Security In Maturity Model (BSIMM) report.
🌐
Techstrong Learning
techstronglearning.com › home › portfolio › ai’s rise in development: what bsimm15 teaches about security
AI's Rise in Development: What BSIMM15 Teaches About Security - Techstrong Learning
January 30, 2025 - The 15th iteration of the “Building Security in Maturity Model” (BSIMM) report was just released. BSIMM is a data-driven model that helps organizations evaluate and improve their software security.
🌐
Black Duck
blackduck.com › content › dam › black-duck › en-us › reports › bsimm-report.pdf pdf
bsimm-report.pdf
NORMALIZED BSIMM ACTIVITY COUNTS................... 13 ... SOLVING THE DOCUMENTATION PROBLEM................ 14 · SOFTWARE SECURITY TRAINING IS EVOLVING.......... 14 · TOPICS WE’RE WATCHING .......................................... 15
🌐
Techstronglearning
webinars.techstronglearning.com › ais-rise-in-development-what-bsimm15-teaches-about-security
AI's Rise in Development: What BSIMM15 Teaches About Security
The 15th iteration of the “Building Security in Maturity Model” (BSIMM) report was just released. BSIMM is a data-driven model that helps organizations evaluate and improve their software security.
Find elsewhere
🌐
Medium
armerding.medium.com › get-to-know-the-bsimm-a-crowd-sourced-guidebook-for-your-journey-to-better-software-security-bcd8bc7d43e0
Get to know BSIMM — a crowd-sourced guidebook for your journey to better software security | by Taylor Armerding | Medium
January 14, 2025 - Indeed, BSIMM, the subject of an annual report by software security company Black Duck now in its 15th iteration, is an example of that cliché about many hands making light work. In this case, it’s many brains (thousands) involved in software security initiatives (SSIs) that help to generate a guidebook on what works, or doesn’t, to build more-secure software.
🌐
Codific
sammy.codific.com › browse › bsimm-15 › governance › strategy-and-metrics
Strategy and Metrics from BSIMM 15 framework | SAMMY
Explore Strategy and Metrics from BSIMM 15 with our comprehensive tool for managing compliance and maturity programs. Learn how BSIMM 15 can help you achieve application security and cybersecurity resilience
🌐
ResearchGate
researchgate.net › figure › The-domains-and-practices-of-the-BSIMM-model-15_tbl1_362371262
The domains and practices of the BSIMM model [15]. | Download Scientific Diagram
Context 1... BSIMM contains four high-level domains that, in turn, contain three practices each. These top levels of the framework are illustrated in Table 1 [15]. Each practice contains 7-12 observed and related activities, comprising of 122 ...
🌐
IT Security Guru
itsecurityguru.org › home › companies double down on ai and supply chain security, according to black duck’s bsimm15 report
Companies Double Down on AI and Supply Chain Security, According to Black Duck’s BSIMM15 Report - IT Security Guru
January 14, 2025 - Organisations worldwide are ramping up efforts to tackle emerging security risks in artificial intelligence (AI) and software supply chains, according to the newly released BSIMM15 report from Black Duck.
🌐
Codific
sammy.codific.com › browse › bsimm-15 › deployment › software-environment
Software Environment from BSIMM 15 framework | SAMMY
Explore Software Environment from BSIMM 15 with our comprehensive tool for managing compliance and maturity programs. Learn how BSIMM 15 can help you achieve application security and cybersecurity resilience
🌐
Security Boulevard
securityboulevard.com › home › security bloggers network › bsimm15 highlights compliance and ai security: why modern tooling is key
BSIMM15 highlights compliance and AI security: Why modern tooling is key - Security Boulevard
January 23, 2025 - An increase in compliance activities such as the creation of software bills of materials (SBOMs), performing software composition analysis (SCA) scans on code repositories, and securing the attack surface created by artificial intelligence (AI) applications are among the key software security trends highlighted in the latest edition of the Building Security in Maturity Model (BSIMM) report.
🌐
Codific
sammy.codific.com › browse › bsimm-15 › intelligence › security-features-and-design
Security Features and Design from BSIMM 15 framework | SAMMY
Explore Security Features and Design from BSIMM 15 with our comprehensive tool for managing compliance and maturity programs. Learn how BSIMM 15 can help you achieve application security and cybersecurity resilience