New BSIMM10 Study Highlights the Impact of DevOps on Software Security

Secure Product

Publish Date

Sep 18, 2019

Written by

ZN Logo for Blog


Tagged with

  • BSIMM10

The Building Security In Maturity Model (BSIMM) is a tool for measuring and evaluating software security initiatives, designed to help organizations plan, execute, mature and measure their software security initiatives (SSIs). BSIMM10, released today by Synopsys, is the latest version of the study and co-authored by Sammy Migues, principal scientist at Synopsys, Michael Ware, managing principal at Synopsys and John Steven, chief technology officer at ZeroNorth. The study highlights the impact of DevOps on software security initiatives, the emergence of a new wave of engineering-driven security efforts and how firms progress through three phases of software security maturity.

Key areas of findings in this year’s study focus on:
• DevOps’ impact on software security
• The new wave of engineering-driven software culture
• Navigating the software security journey at various stages of maturity

To download the report, visit

eBooks & Research Reports

Research Report: The Journey to True DevSecOps

Many questions emerge as the topic of DevSecOps is volleyed about. First, confusion exists in terms of understanding what it actually means to get to true ...

Read Now


Application Security: Bridging the Gap Between DevOps and Security Teams

When AppSec and DevOps teams aren’t aligned on how to deliver secure software, fast, organizations are at risk. This video discusses how to tackle this challenge ...

Watch Now

Related Articles


Meet Your New CPSO: The Next Generation of Product Security

By ZeroNorth Feb 24, 2021

Over the past ten years, rising security breaches within leading companies have continually reinforced the need for a chief information security officer, or CISO, to protect ...

Read More

Continuous Security

It’s Time to Understand Risk in The Software Supply Chain

By ZeroNorth Feb 2, 2021

By now, everyone has heard about the malicious December 2020 attack on SolarWinds’ Orion software platform, which affected the US Treasury, US Department of Commerce and ...

Read More

The ZeroNorth DevSecOps platform offers options for your DevSecOps journey—getting started with AppSec, finding enterprise visibility or fully integrating security into DevOps.