Blog

BSIMM

1 min.

April 11, 2016

Build Security in Maturity Model (BSIMM) is a software security measurement framework that helps organizations gauge their software security and build a maturity model based on actual data gathered from real-world software security initiatives. What is inside the BSIMM? It describes 112 activities that have been organized in 12 different practices according to a software security framework. A scorecard is eventually generated.’

Additional Reading:

Building Security in Maturity Model (BSIMM)
Read more about BSIMM on CheckMarx blog: Building Secure Applications: How Mature Are You?
CheckMarx solution for compliance and risk management – Click Here.

Continue to AppSec Beginners Guide: OpenSAMM

Want to learn more? Here are some additional pieces for you to read.

Blog
What is ASPM and Why Do You Need It in Your Cyber Toolkit?

Blog
The MITRE CVE Program Funding Situation: Response From Checkmarx

Blog
The AppSec Manager’s Guide to Understanding the Hidden Threats of Malicious Code in Open Source Software

Blog
Secret Sprawl: The Silent Threat to Enterprise Security

Blog
The Trinity of Architects: How to Ensure Enterprise Grade Application Security

Zero Post
CVE-2025-27520 Critical RCE In BentoML Has Fewer Affected Versions Than Reported

Blog
Securing the AI Development Lifecycle: From Code Generation to Deployment

Blog
The Future of AI in DevSecOps: Advanced and Automated Security

Blog
The ROI of SCA: Reducing Technical Debt and Enhancing Security

Blog
Security in Vibe Coding: Innovation Meets Risk

Zero Post
The Glass Sandbox – The Complexity of Python Sandboxing

Zero Post
Behind the Middleware Curtain — Explaining CVE-2025-29927, A Critical Authorization Bypass in Next.js

Zero Post
Find and Fix CVE-2025-30066, Compromised GitHub Actions Leading to Credential Leaks

Blog
CVSS v4.0: What You Need to Know about the Latest Version

Blog
Expanding AppSec Coverage with PII Leak Detection with Checkmarx + HoundDog.ai

Blog
The Dangers of Exposed Secrets – and How to Prevent Them

Blog
Breaking the Bottleneck: How AppSec Managers Can Reduce Risk Without Slowing Down Development

Zero Post
Understanding Vulnerability Hunting and its Challenges

Blog
Checkmarx One Named Best DevSecOps Solution in the 2024 DevOps Dozen Awards

Blog
A DevOps Architect’s Guide to Developer-Friendly AppSec Tools

BSIMM

Read More