Building Security In Maturity Model (BSIMM)

The Building Security In Maturity Model (BSIMM) is a data-driven model developed through rigorous analysis of software security initiatives (SSIs), also known as application or product security programs. BSIMM11 is the latest evolution of this detailed and sophisticated “measuring stick” for SSIs.

Our analysis of real-world data from 130 organizations in nine industry verticals revealed these trends:

  • Engineering-led software security efforts are having success contributing to DevOps value streams in pursuit of resiliency.
  • Software-defined security governance is no longer just aspirational.
  • Security is becoming part of a quality practice, which is being recognized as part of reliability, all in pursuit of resilience.
  • “Shift left” is becoming “shift everywhere.”

BSIMM is built on a software security framework that organizes the 121 activities used to assess initiatives. The framework consists of 12 practices organized into four domains.

Download BSIMM11 now to learn about these findings and discover what activities are essential for building a successful SSI.
