Codific
codific.com › home › appsec › bsimm (building security in maturity model): a complete guide
BSIMM (Building Security In Maturity Model): A Complete Guide - Codific
September 2, 2025 - The latest edition of the Building Security In Maturity Model, BSIMM 15, builds on the same foundation of twelve practices across four domains.
Synopsys
synopsys.com › software-integrity › software-security-services › bsimm-maturity-model.html
BSIMM Assessment Services: Software Security Benchmarking | Black Duck
April 1, 2026 - Benchmark your AppSec program with BSIMM assessment services from Black Duck. Get data-driven insights from 100+ organizations, identify security gaps, and build a customized Maturity Action Plan (MAP) to advance your software security posture. Trusted by industry leaders worldwide.
Black Duck
blackduck.com › content › dam › black-duck › en-us › reports › bsimm-report.pdf pdf
bsimm-report.pdf
NORMALIZED BSIMM ACTIVITY COUNTS................... 13 ... SOLVING THE DOCUMENTATION PROBLEM................ 14 · SOFTWARE SECURITY TRAINING IS EVOLVING.......... 14 · TOPICS WE’RE WATCHING .......................................... 15
Black Duck
blackduck.com › glossary › what-is-bsimm.html
What Is the BSIMM and How Does It Work? | Black Duck
March 12, 2026 - Based on research with companies such as Aetna, HSBC, Cisco, and more, the Building Security In Maturity Model (BSIMM) measures software security. The BSIMM (pronounced “bee simm”) is a study of existing software security initiatives.
Infosec Institute
infosecinstitute.com › resources › application-security › software-maturity-models-for-appsec-initiatives
Software maturity models for AppSec initiatives | Infosec
January 25, 2021 - The BSIMM acts to standardize against varying initiatives that use different terminology and methodologies. By standardizing, a quantifiable framework can be created that is usable by any organization. Unlike some other frameworks, such as the Cybersecurity Maturity Model Certification (CMMC), each set of initiatives within the BSIMM is made up of unique activities; each activity level is used to distinguish the relative frequency of activity used in an organization.
Secureframe
secureframe.com › home › frameworks glossary › building security in maturity model (bsimm) | secureframe
Building Security In Maturity Model (BSIMM) | Secureframe
Get an overview of the BSIMM, including its purpose, governing body, latest update, controls and requirements, and prescribed audit type and frequency.
InformIT
informit.com › articles › article.aspx
Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised) | | InformIT
The 15 level one and level two activities chosen from the BSIMM model break out as follows: Architecture Analysis (3), Code Review (3), Security Testing (3), Penetration Testing (3), and Configuration Management & Vulnerability Management (3).
Konfirmity
konfirmity.com › home › glossary › bsimm framework: how it supports data protection standards (2026)
BSIMM Framework: How it supports data protection standards (2026) | Konfirmity
December 12, 2025 - The BSIMM framework is a data-driven approach for measuring and communicating software security maturity, grounded in observed practices of mature organizations, unlike prescriptive models. For B2B vendors, it helps demonstrate systematic security capabilities embedded in the SDLC, satisfying enterprise clients' rigorous vendor assessments and data protection requirements beyond point-in-time compliance certifications.
InformIT
informit.com › articles › article.aspx
Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema | | InformIT
We're working with a few acquirers to outline such a measurement, and such research could easily find its way into the BSIMM. The current sea change has to be a pain for vendors. A few years ago, these firms had to respond to hundreds or thousands of requests for pen testing access or results, then similar requests for site certification data, then requests for SLAs dealing with product security, then requests for source code to allow static analysis, and so on.
Black Duck
blackduck.com › resources › analyst-reports › bsimm.html
BSIMM16 Software Security Assessment Report | Black Duck
February 13, 2026 - Building Security in Maturity Model (BSIMM) is the industry’s most comprehensive framework for measuring and benchmarking software security programs. It is a descriptive model that depicts real-world practices from organizations implementing successful software security initiatives (SSIs).
Codific
sammy.codific.com › browse › bsimm-15 › deployment › software-environment
Software Environment from BSIMM 15 framework | SAMMY
Explore Software Environment from BSIMM 15 with our comprehensive tool for managing compliance and maturity programs. Learn how BSIMM 15 can help you achieve application security and cybersecurity resilience
Medium
armerding.medium.com › get-to-know-the-bsimm-a-crowd-sourced-guidebook-for-your-journey-to-better-software-security-bcd8bc7d43e0
Get to know BSIMM — a crowd-sourced guidebook for your journey to better software security | by Taylor Armerding | Medium
January 14, 2025 - Indeed, BSIMM, the subject of an annual report by software security company Black Duck now in its 15th iteration, is an example of that cliché about many hands making light work. In this case, it’s many brains (thousands) involved in software security initiatives (SSIs) that help to generate a guidebook on what works, or doesn’t, to build more-secure software.
Huawei
huawei.com › en › news › 2018 › 6 › bsimm-software-security-capabilities
Huawei Completes BSIMM Assessment of its Industry-Leading Software Security Capabilities - Huawei Press Center
June 8, 2018 - [Shenzhen, China, June 8, 2018] Huawei has become part of a select international group that has completed an assessment of its software security process and engineering capabilities with the Building Security in Maturity Model (BSIMM). At the end of Q1 2018, Huawei's software security maturity had undergone multiple rounds of BSIMM measurement.
Codific
sammy.codific.com › browse › bsimm-15 › governance › strategy-and-metrics
Strategy and Metrics from BSIMM 15 framework | SAMMY
Explore Strategy and Metrics from BSIMM 15 with our comprehensive tool for managing compliance and maturity programs. Learn how BSIMM 15 can help you achieve application security and cybersecurity resilience
Codific
sammy.codific.com › browse › bsimm-15 › intelligence › security-features-and-design
Security Features and Design from BSIMM 15 framework | SAMMY
Explore Security Features and Design from BSIMM 15 with our comprehensive tool for managing compliance and maturity programs. Learn how BSIMM 15 can help you achieve application security and cybersecurity resilience