The Building Security In Maturity Model (BSIMM) is a study of current software security initiatives, also called programs. It quantifies the application security (appsec) practices of different organizations across industries, sizes, and geographies while identifying the variations that make each organization unique.
BSIMM consists of:
- An assessment that provides an objective, data-driven evaluation of an organization’s current appsec program
- Membership in a community of security peers that offers collaboration, best practices, and exclusive content
- Global conferences that include keynote sessions from security leaders, networking opportunities, and forums to exchange techniques and practices
- An annual report (currently BSIMM12) that provides a data-driven analysis of real-world software security programs, practices, and activities