Application Security Automation Leads BSIMM14


According to Synopsys Software Integrity Group’s latest annual Building Security in Maturity Model (BSIMM) report, organizations that automate software security operations improve the security of their software life cycle. Read more below.

SINGAPORE - Synopsys, Inc. (Nasdaq: SNPS) released BSIMM14, the latest edition of the annual Building Security In Maturity Model (BSIMM) report, which evaluated software security practices at 130 organizations, including some of the most advanced in cloud, financial services, FinTech, ISV, insurance, IoT, healthcare, and technology. The survey revealed that automated security technology is increasing rapidly, spreading the “shift everywhere” mindset of security testing throughout the software development life cycle to more organizations.

Rising Automation Adoption

This year’s data showed that organizations are increasingly using security automation to replace human, subject matter expert–driven security activities to cut costs and boost efficiency.

Over the past two years, automated, event-driven security testing has increased 200%, helping organizations adopt the “shift everywhere” mentality. Other findings on automation’s power include:

  • Over the past five years, obligatory code review has increased 68% due to automation.
  • Recent economic conditions have reduced pricey, subject matter expert–driven, non-automatable operations. Over 17% fewer people used centralized defect reporting and attack lists.
  • Organizations are adopting current toolchain technology to automate QA security testing, which has led to a 10% increase in numerous security operations.

“Everyone has gone all-in on automation across a range of security functions, and that’s leading directly to better practices,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Companies are seeing firsthand that eliminating human error with consolidated, integrated security tooling makes security programs more effective and affordable — a compelling combination. With cyberattacks on the rise and coming from every angle, automation is proving essential to defend against myriad threats that are targeting software, while enabling companies to do more with less in this uncertain economy.”

Developing Security Culture

The report also indicated that consumers had improved security culture at their companies. Key findings:

  • Firms with security champion programs of developers, QA analysts, or architects in security-enabler roles had 25% higher BSIMM scores.
  • Companies expect more from vendors and partners. As companies held vendors to internal security requirements, vendor security expectations rose 21%.

Safe Software Supply Chain Procedures Get Traction

Customers also noted amazing security process improvements using industry best practices:

  • The number of Software Bills of Materials (SBOMs) created by organizations has increased by 22% since last year.
  • Open source risk identification and management grew by a little under 10% last year.