Firms act to beef up software supply chain security
New data reveals a significant increase in activities to secure open source components and integrate security into developer toolchains in order to protect the software supply chain.
The 13th edition of the Building Security In Maturity Model (BSIMM) report from Synopsys analyzes the software security practices of 130 organizations -- including Adobe, PayPal and Lenovo -- in their efforts to secure more than 145,000 applications built and maintained by nearly 410,000 developers.
"The BSIMM13 findings suggest that with the attention placed on software supply chains, most enterprise organizations are taking a risk-based approach to application security. Such an approach recognizes that security isn't limited to the codebase; it includes the process of software development where security reviews and testing 'shift everywhere' to continuously improve security outcomes," says Jason Schmitt, general manager of the Synopsys Software Integrity Group. "The findings also demonstrate that BSIMM member organizations' software security initiatives are maturing, and they're now looking for ways to drive the scalability, efficiency and overall effectiveness of their programs."
The report shows a 51 percent increase in activities associated with controlling open source risk over the last 12 months, as well as a 30 percent increase in organizations building and maintaining a Software Bill of Materials (SBOM) to fully catalog the components within their deployed software.
In evidence of a 'shift everywhere' approach, the report also notes a 48 percent growth in activities that enable organizations to include security tests in QA automation, and 82 percent of BSIMM member organizations now use automated code review tools. In addition, activities for leveraging operational data for continuous improvement have grown by 95 percent over the last 12 months.