Building Security In Maturity Model (BSIMM)
Bringing science to software security
In this era of digital transformation and continual change, building secure, high-quality software is more challenging than ever. If you want to instill, measure, manage, and evolve software security activities in a consistent, coordinated fashion, you need a software security initiative (SSI).
You must also ensure your SSI keeps pace with your dynamic development environment: development approaches, DevOps culture, deployment environments, regulatory requirements, supply chain, software release cycles, and so much more. To do that, you need visibility into the current state of your SSI, as well as the data to create an improvement strategy and prioritize SSI change.
The Building Security In Maturity Model (BSIMM) is a benchmarking tool that gives you an objective, data-driven view into your current software security initiative.
The BSIMM is one of the best yardsticks available today, built from real-world data and useful for measuring how your software security initiative stacks up against your industry peers. The BSIMM also provides concrete details to show your executive team and Board how your security efforts are making a difference.
What does a BSIMM assessment do?
"Since 2008, the BSIMM has served as an effective tool for understanding how organizations of all shapes and sizes, including some of the most advanced security teams in the world, are executing their software security strategies. The current BSIMM data reflect how many organizations are adapting their approaches to address the new dynamics of modern development and deployment practices, such as shorter release cycles, increased use of automation, and software-defined infrastructure."
Jim Routh, Head of enterprise information risk management at MassMutual
Find out what the BSIMM is all about and how you can use real data to drive and improve your software security initiative.
Become part of the growing BSIMM community
Participating in a BSIMM assessment gives you ongoing access to a unique and private community of software security leaders where you can discuss common issues and find common solutions.