ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

BSIMM

Annual empirical AppSec maturity model.

Definition

BSIMM14 structure: 4 domains (Governance, Intelligence, SSDL Touchpoints, Deployment) x 12 practices x ~130 activities. Reflects what top SSI organizations DO, not what they SHOULD do. Data collected via interviews + observations. Competes with OWASP SAMM (theoretical vs empirical BSIMM).

Origin

Cigital 2008 (Gary McGraw, Sammy Migues, Brian Chess), Synopsys acquisition 2016, Black Duck Software spin-off September 2024.

Usage

Reference for Fortune 500 CISOs and VP AppSec for benchmarking against industry top quartile practices.

Related terms

  • OWASP SAMM — concurrent théorique.
  • AppSec maturity — catégorie.
  • Black Duck Software — opérateur 2024+.

Last updated: May 18, 2026