Black Duck Releases BSIMM16
AI-TechPark • February 9, 2026

Companies Mentioned

Black Duck

Why It Matters

AI‑driven code introduces hidden vulnerabilities, making transparency tools like SBOMs essential for risk management. The findings signal a market‑wide pivot toward AI‑aware security practices and tighter compliance frameworks.

Key Takeaways

  • AI now top priority in application security
  • SBOM adoption up 30% due to regulations
  • 10% rise in AI attack intelligence usage
  • Training shifting to bite‑size, just‑in‑time modules
  • Supply chain security focus grows 40% with standardized stacks

Pulse Analysis

The release of BSIMM16 marks a watershed moment for software security leaders, highlighting how artificial intelligence has reshaped threat landscapes. By surveying over a hundred enterprises across finance, healthcare, and technology, Black Duck shows that AI coding assistants are no longer peripheral tools but central risk vectors. Organizations are increasingly deploying attack‑intelligence feeds and custom rule sets to detect AI‑specific flaws, underscoring the need for security teams to embed AI expertise alongside traditional testing.

Regulatory momentum is another catalyst accelerating change. Governments worldwide are mandating software‑bill‑of‑materials (SBOM) disclosures, prompting a 30% rise in SBOM generation and a dramatic surge in automated verification of infrastructure security. These mandates, driven by the EU Cyber Resilience Act and U.S. policy shifts, push firms to achieve supply‑chain transparency, standardize technology stacks, and streamline vulnerability disclosure processes. The data suggests that compliance is evolving into a foundational security layer rather than a checklist item.

Training and maturity models are also evolving. BSIMM16 reports a 29% increase in just‑in‑time, collaborative learning channels, replacing lengthy classroom courses with bite‑size modules that integrate directly into developers' workflows. Notably, the BSIMM framework itself remains structurally unchanged, signaling that the industry has reached a baseline maturity while still adapting tactics to AI and regulatory pressures. For executives, the report offers a roadmap to balance innovation with risk, emphasizing that transparent code provenance and agile learning are critical to safeguarding next‑generation applications.
