Sorry, not available in this language yet


Where application security leaders come to reduce their software risk

Building Security In Maturity Model (BSIMM) helps organizations plan, implement, and measure their software security initiatives. A BSIMM assessment provides an objective, data-driven evaluation that leaders seeking to improve their security postures can use to base decisions about resources, time, budget, and priorities. The annual BSIMM report offers analysis derived from hundreds of assessments across several industry verticals and serves as an important benchmark for security professionals, college curriculums, and analysts. BSIMM also includes a robust community where members share best practices and exclusive content, and collaborate with security peers.

BSIMM Trends & Insights

BSIMM Trends & Insights

The annual BSIMM report is a data-driven analysis of real-world software security initiatives. It provides a measuring stick to compare your organization’s software security program and evolve it over time.

BSIMM assessment

BSIMM Assessment

A BSIMM assessment analyzes your software security initiative against hundreds of other organizations across several industry verticals. It also provides a detailed roadmap based on your specific needs and capabilities.

What people say about BSIMM

"The BSIMM study is very aligned in terms of accessing industry best practices. It can be used to understand the level of maturity in a variety of development security activities as observed across multiple development teams. With rapidly accelerating software development practices, BSIMM12 data illustrates the actual shifts taking place in security development programs. With this information, organizations can adapt their own strategies to protect their organization and customers without dampening innovation.”

 Todd Wiedman, CISO at Landis+Gyr, a member organization of the BSIMM community

"Over the last 18 months, organizations experienced a massive acceleration of digital transformation initiatives. This has resulted in increased adoption of software-defined approaches for deploying and managing software environments and cloud technology stacks. Given the complexity and pace of these changes, it’s never been more important for security teams to have the tools which allow them to understand where they stand and have a reference for where they should pivot next. The BSIMM is a management tool for serving such a purpose. The BSIMM provides a unique lens into how organizations are shifting strategies for implementing software-defined security features like policy as code to align with modern software development principles and practices.”  

Mike Ware, Information Security Principal at Navy Federal Credit Union, a member organization of the BSIMM community

Download the BSIMM Trends & Insights report

Get the latest information on software security measurement from the most recent BSIMM report.

BSIMM Trends & Insights report download