"90% Of Orgs Have Software Security Checkpoints in Their Software Development Lifecycle (SDLC)"

According to the new Synopsys Building Security In Maturity Model (BSIMM) report, 90 percent of the member organizations surveyed have established software security checkpoints in their Software Development Lifecycle (SDLC), indicating that this is an important step toward success in their software security initiatives. Furthermore, over the last year, there has been a 51 percent increase in activities associated with controlling open-source risk, as well as a 30 percent increase in organizations developing and maintaining a Software Bill of Materials (SBOM).

The BSIMM, which was founded in 2008, is a tool for developing, measuring, and evaluating software security initiatives. It employs a data-driven model that draws on the industry's largest dataset of global cybersecurity practices. BSIMM was created after careful research and analysis of over 200 software security initiatives. The BSIMM13 report examined software security practices at 130 enterprise organizations, including 48 Fortune 500 companies like Adobe, Bank of America, and Lenovo, in their collective efforts to secure over 145,000 applications built and maintained by nearly 410,000 developers.

The findings show that BSIMM member organizations are implementing a "shift everywhere" approach to perform automated and continuous security testing throughout the SDLC and manage risk across their entire application portfolio. Whether an organization is developing a software security initiative or maintaining an established program, BSIMM13 data indicates that all organizations should implement automated software security tools, use data to drive security decisions, move toward automating security testing and decisions, create a comprehensive SBOM, and more. This article continues to discuss key findings and suggestions shared in the latest BSIMM trends and insights report.

VB reports "90% Of Orgs Have Software Security Checkpoints in Their Software Development Lifecycle (SDLC)"

Submitted by Anonymous on