BSIMM15 Report

An analysis of the top software security initiatives


What’s Inside 

The Building Security In Maturity Model (BSIMM) is a data-driven model developed through the analysis of real-world software security initiatives (also known as application security, product security, or DevSecOps programs). The BSIMM15 report, published in January 2025, represents the latest evolution of this detailed measuring stick for software security.

Through the analysis of 121 organizations across a variety of industry verticals, the BSIMM15 report reveals:

  • The top 10 software security activities being used today
  • Notable growth in Software Bill of Materials (SBOM) creation, governance and automation, research groups focused on new attack methods, and vulnerability disclosure efforts
  • Supply chain security, “shift everywhere,” open collaboration, and other major trends
  • Key actions organizations should adopt to evolve their application security programs, including standards to control and guide adoption of AI


Explore the findings based on an analysis of 121 organizations on software security trends, top security activities, growth in “shift everywhere” testing methodologies and integrations, software supply chain risk management, cloud security efforts, and key actions for improving security programs.


©2025 Black Duck Software, Inc. All Rights Reserved