"Firms Act to Beef up Software Supply Chain Security"

New data shows a significant increase in activities aimed at protecting the software supply chain, including securing open source components and integrating security into developer toolchains. The 13th edition of Synopsys' Building Security In Maturity Model (BSIMM) report examines 130 organizations, including Adobe, PayPal, and Lenovo, and their efforts to secure more than 145,000 applications built and maintained by nearly 410,000 developers. The report finds that most enterprise organizations are taking a risk-based approach to application security, with a focus on software supply chains. According to Jason Schmitt, general manager of the Synopsys Software Integrity Group, this approach acknowledges that security is not limited to the codebase; it also covers the software development process, where security reviews and testing "shift everywhere" to improve security outcomes. The findings also show that BSIMM member organizations' software security initiatives are maturing, and that these organizations are now looking for ways to improve the scalability, efficiency, and overall effectiveness of their programs. Over the last year, there has been a 51 percent increase in activities related to controlling open source risk, as well as a 30 percent increase in organizations creating and maintaining a Software Bill of Materials (SBOM) to catalog the components in their deployed software. This article continues to discuss key findings from the 13th edition of the BSIMM report.

BetaNews reports "Firms Act to Beef up Software Supply Chain Security"