Security Champion Blog

The latest edition of the highly-regarded BSIMM16 report on the state of application security includes intriguing insights into the breadth and impact of Security Champion programs. With data from 111 firms gathered through in-person interviews and artifact reviews, the report offers a stark look at what separates the leaders from the laggards.

As we move toward 2026, Security Champion programs are shifting from "nice-to-have" culture initiatives to essential, developer-led engineering engines. The focus has moved beyond general "awareness" to deep technical integration, AI-assisted development, and proactive governance within the code itself. Our first blog this year highlights the emerging trends that are defining the next era of developer-focused Security Champions.

A Security Champions program turns employees from various teams into security advocates and liaisons. They act as a force multiplier, bridging the gap between security professionals and the broader organization. But as your program grows, how do you keep these champions motivated and their efforts visible? The answer lies in Engagement Design.