Organisations worldwide are ramping up efforts to tackle emerging security risks in artificial intelligence (AI) and software supply chains, according to the newly released BSIMM15 report from Black Duck. The report, which examines software security practices across 121 companies, reveals a sharp increase in activities aimed at strengthening defenses against evolving threats.
Key findings from the BSIMM15 report highlight significant shifts in how organisations are addressing software security:
- The number of companies conducting adversarial testing, such as abuse case scenarios, has doubled compared to last year.
- Software composition analysis (SCA) on code repositories has surged by 67%, reflecting a growing focus on supply chain security.
- A 30% rise in organisations employing research groups to explore new attack methods underscores the increasing complexity of security challenges.
- Software bills of materials (SBOMs), now a critical tool for compliance and transparency, are generated by 22% more organisations for deployed software.
AI Adoption Brings New Risks
“Over the past year, AI has gone mainstream across organizations of all sizes, bringing both opportunities and new risks,” said Jason Schmitt, CEO of Black Duck. “Prioritising security in the face of emerging technologies—especially rapidly evolving fields like AI—has never been more critical or challenging. BSIMM15 offers valuable insights into how organisations are navigating these hurdles and can serve as a guide for others looking to innovate securely and build trust in their software.”
The BSIMM15 study captures data from diverse industries, including cloud computing, financial services, healthcare, IoT, and technology. Collectively, it represents the efforts of 11,100 security professionals supporting 270,000 developers and securing 96,000 applications.
Spotlight on Software Supply Chains
Supply chain security has taken centre stage, particularly as organisations respond to U.S. government requirements for software self-attestation. BSIMM15 data shows a sharp rise in activities supporting compliance, such as the increased use of SCA tools and SBOMs. These measures are vital for ensuring transparency and security in today’s complex software ecosystems.
Security Awareness Training Declines
While strides are being made in AI and supply chain security, the report notes a concerning decline in security awareness training. Only 51.2% of organisations now offer basic training, the lowest rate observed since the BSIMM initiative began in 2008.
About BSIMM
The Building Security In Maturity Model (BSIMM) has tracked the evolution of software security practices since its inception in 2008. Through comprehensive interviews and assessments, BSIMM collects and analyses anonymised data to identify key trends and guide organisations in planning, executing, and measuring their software security initiatives.
With AI reshaping the digital landscape and supply chain threats growing more sophisticated, BSIMM15 offers a detailed look at how leading companies are staying ahead of the curve.
