Key Findings
The number of organisations conducting adversarial tests (abuse cases) has doubled year-on-year.
There has been a 67% increase in the number of organisations performing software composition analysis (SCA) on code repositories.
The number of organisations employing research groups to develop new attack methods has grown by 30%.
There has been a 22% rise in the number of organisations creating software bills of materials (SBOMs) for deployed software.
In 2008, 100% of organisations in BSIMM1 conducted software security awareness training. By BSIMM15, this rate had declined to 51.2% of organisations, the lowest rate to date.
Only 51.2% of organisations now offer basic security training, which is the lowest rate observed since the BSIMM initiative began in 2008.