BSIMM Framework

BSIMM is made up of a software security framework used to organize the 122 activities used to assess initiatives. The framework consists of 12 practices organized into four domains.

Software Security Framework Domains

Governance

Practices that help organize, manage, and measure a software security initiative

Learn more

Intelligence

Practices that result in collections of corporate knowledge used in carrying out software security activities throughout the organization

Learn more

SSDL Touchpoints

Practices associated with analysis and assurance of particular software development artifacts and processes

Learn more

Deployment

Practices that interface with traditional network security and software maintenance organizations

Learn more

BSIMM12 Has Launched—Don’t Miss the Latest Findings

Download the latest BSIMM

The BSIMM is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from leading software security initiatives.

Useful Links

About BSIMM

Privacy & Legal

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License