Black Duck Releases BSIMM16 Revealing AI and Regulatory Compliance Reshaping Application Security Processes

prnewswire.com

The industry's largest application security study shows organizations adapting to AI-generated code, government mandates, and evolving training methods

BURLINGTON, Mass., Feb. 4, 2026 /PRNewswire/ -- Black Duck®, the leader in AI-powered application security, today announced the release of BSIMM16, the 16th edition of the Building Security In Maturity Model (BSIMM), revealing how organizations worldwide are transforming their software security initiatives (SSIs) to manage risk introduced by AI adoption, increasing regulatory pressures, and the need for more agile security training approaches. For the first time in BSIMM's 16-year history, AI has overtaken all other forces in reshaping security priorities.

The comprehensive study is based on assessments of 111 organizations across multiple industry verticals including financial services, healthcare, technology, and independent software vendors (ISVs). The report provides unprecedented insights into real-world application security practices protecting approximately 91,200 applications developed by 223,700 developers.

The BSIMM16 study reveals several key trends and insights, including:

"The real risk of AI-generated code isn't obvious breakage—it's the illusion of correctness. Code that looks polished and professional can still conceal serious security flaws," said Jason Schmitt, CEO of Black Duck. "We're witnessing a dangerous paradox: developers increasingly trust AI-produced code that lacks the security instincts of seasoned experts. That's why the surge in SBOM adoption reported in BSIMM16 is so critical, since it gives organizations the transparency to understand exactly what's in their software—whether written by humans, AI, or third parties—and the visibility to respond quickly when vulnerabilities surface. As regulatory mandates expand, SBOMs are moving beyond compliance—they're becoming foundational infrastructure for managing risk in an AI-driven development landscape."

Established in 2008, BSIMM is a maturity model that tracks the activities of software security professionals. It helps organizations plan, execute, and measure their software security initiatives. BSIMM data is collected through comprehensive interviews conducted during assessments by security professionals, after which the anonymized data is analyzed to identify trends in software security practices.

For the first time in its history, BSIMM16 introduces no changes to the framework structure, signaling the maturity and stability of application security practices across the industry.

To learn more, download the BSIMM16 report and read the detailed blog post.

Acknowledgements

Black Duck would like to thank Jamie Boote, Ben Hutchison, Mike Lyman, and Sam Schueller, authors of the BSIMM16. Additional thanks to the nearly 170 individuals who helped gather the data for the BSIMM data pool, along with the 111 executives from the SSIs we studied to create BSIMM16.

About Black Duck

Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world. Only Black Duck solutions free organizations from tradeoffs between speed, accuracy, and compliance at scale while eliminating security, regulatory, and licensing risks. Whether in the cloud or on premises, Black Duck is the only choice for securing mission-critical software everywhere code happens. With Black Duck, security leaders can make smarter decisions and unleash business innovation with confidence. Learn more at www.blackduck.com.

SOURCE Black Duck Software