High-profile attacks have sharpened organizations' focus on software security


High-profile ransomware and software supply chain disruptions are driving increased attention on software security, according to the latest Building Security In Maturity Model (BSIMM) report from Synopsys.

The BSIMM12 data indicates a 61 percent increase in software security groups' identification and management of open source over the past two years, almost certainly due to the popularity of open source components in modern software and the rise of attacks using open source projects as vectors.

It also shows businesses are making more effort to collect and publish their software security initiative data, demonstrated by a 30 percent increase in the 'publish data about software security internally' activity over the past 24 months. They're also developing their own capabilities for managing cloud security and evaluating their shared responsibility models.

There's a shift towards security teams partnering with DevOps too, with the objective of including security efforts in the critical path for software delivery. This goes hand-in-hand with a move from 'shift left' -- focusing on moving security testing earlier in the development process -- to 'shift everywhere' -- extending the idea to making security testing continuous throughout the software lifecycle.

"Since 2008, BSIMM consulting, research, and data experts have been gathering data on the different paths that organizations take to address the challenges of securing software," says Jason Schmitt, general manager of the Synopsys Software Integrity Group. "With an average age of 4.4 years, BSIMM participating organizations' software security initiatives reflect how organizations are adapting their approaches to address the new dynamics of modern development and deployment practices. With this information, organizations can then adapt their own strategies to protect their organization and customers without dampening innovation."

You can find out more and get the full BSIMM12 report on the Synopsys blog.

Image credit: mikkolem/depositphotos.com


© 1998-2024 BetaNews, Inc. All Rights Reserved.