Automation of software security functions soars
The use of automated security technology is growing rapidly according to the latest edition of the annual Building Security In Maturity Model (BSIMM) report from Synopsys.
The research also shows that there's a move towards a 'shift everywhere' culture -- which means performing security tests throughout the entire software development life cycle -- across more organizations.
Automation has led to a 68 percent growth in mandatory code review in the last five years according to the report. Recent economic conditions have caused a reduction in expensive, subject matter expert-driven activities that are not easy to automate. Centralized defect reporting and attack lists have both decreased in usage by more than 17 percent.
There's greater toolchain usage too. Organizations are embracing modern toolchain technology that allows security testing in the QA stage to be automated -- leading to a 10 percent growth in several related security activities.
"Everyone has gone all-in on automation across a range of security functions, and that's leading directly to better practices," says Jason Schmitt, general manager of the Synopsys Software Integrity Group. "Companies are seeing first-hand that eliminating human error with consolidated, integrated security tooling makes security programs more effective and affordable -- a compelling combination. With cyberattacks on the rise and coming from every angle, automation is proving essential to defend against myriad threats that are targeting software, while enabling companies to do more with less in this uncertain economy."
Among other findings, firms with security champion programs, made up of developers, QA analysts, or architects in a security-enabler role, earned an average 25 percent higher BSIMM score than firms without one. Businesses are also demanding more from their service providers and partners.