Today, Synopsys released BSIMM14, the latest iteration of its annual Building Security In Maturity Model (BSIMM) report. This comprehensive analysis delves into the software security practices of 130 organisations, encompassing leading companies across various industries such as cloud, financial services, FinTech, ISV, insurance, IoT, healthcare, and technology.
The report highlights a significant surge in the adoption of automated security technology, contributing to the widespread embrace of the “shift everywhere” philosophy. This philosophy entails conducting security tests throughout the entire software development life cycle and is gaining traction among a growing number of organisations.
The key trend identified in this year’s findings is the increasing reliance on security automation, replacing manual, subject matter expert-driven security activities. This shift is driven by the desire to reduce costs and enhance overall effectiveness. Notable insights from the report include a 200% increase in automated, event-driven security testing over the past two years.
Automation’s impact extends to various aspects, such as a 68% growth in mandatory code review over the last five years, improved affordability due to the reduction of expensive, difficult-to-automate activities, and a 10% growth in the use of modern toolchain technology for automated security testing in the QA stage.
Jason Schmitt, the general manager of the Synopsys Software Integrity Group, emphasised the pervasive adoption of automation, noting its role in eliminating human error and consolidating security tooling. This, in turn, makes security programs more effective and affordable, crucial in the face of increasing cyber threats.
The report also sheds light on the maturation of the culture of security within organisations. Security champions programs, comprising developers, QA analysts, or architects in a security-enabler role, were found to positively impact organisations, earning an average 25% higher BSIMM score.
Furthermore, organisations are raising the bar for their service providers and partners, with a 21% increase in expectations for strong vendor security practices, aligning them with internal standards.
The BSIMM14 report also indicates progress in secure software supply chain practices. Organisations are increasingly developing Software Bills of Materials (SBOMs), showing a 22% increase from the previous year. Additionally, there is a growing awareness of and effort to control open source risk, with just under a 10% increase from the previous year.
As cyber threats continue to rise, the report concludes that automation is proving essential for defending against diverse threats while enabling organisations to operate more efficiently in an uncertain economic landscape. Interested individuals can access the full BSIMM14 report for a detailed analysis of the data and exploration of industry-specific trends.