BSIMM14 report: application security automation soars
Synopsys, Inc. has released BSIMM14, the most recent edition of its annual Building Security In Maturity Model (BSIMM) report.
The report analyses software security practices across 130 organisations, spanning sectors such as cloud, financial services, FinTech, ISV, insurance, IoT, healthcare, and technology. A key insight is the rapid growth in the use of automated security technology, which is bringing the 'shift everywhere' philosophy (integrating security testing throughout the entire software development life cycle, rather than at one gate) to more organisations.
Growing trend of automation adoption
This year's BSIMM study highlights a significant trend towards security automation, which is increasingly replacing manual, expert-driven security activities. The aim of this shift is to reduce costs and improve effectiveness.
Notable trends around automation (year-over-year changes in the activities observed at participating firms) include:
- A 68% increase in mandatory code review, as automated tooling makes reviews easier to perform and enforce
- A reduction of more than 17% in costly, hard-to-automate, expert-driven activities, spurred by recent economic conditions
- A 10% increase in the use of modern toolchain technology that enables automated security testing during the QA stage
Jason Schmitt, General Manager of the Synopsys Software Integrity Group, commented: "Everyone has gone all-in on automation across a range of security functions, and that's leading directly to better practices. Companies are seeing firsthand that eliminating human error with consolidated, integrated security tooling makes security programs more effective and affordable — a compelling combination. With cyberattacks on the rise and coming from every angle, automation is proving essential to defend against myriad threats that are targeting software, while enabling companies to do more with less in this uncertain economy."
Evolving security culture
The report also sheds light on the progress made in cultivating a security-focused culture within organisations. Key developments include:
- Organisations with security champion programmes, drawing on developers, QA analysts, or architects, scored an average of 25% higher on the BSIMM scale
- Firms are demanding higher security standards from service providers and partners, with a 21% increase in expectations placed on vendor security practices
Advancements in secure software supply chain practices
The report also indicates that firms are paying closer attention to the components they ship, with measurable growth in software supply chain practices:
- A 22% increase in the creation of Software Bills of Materials (SBOMs) compared with last year
- Nearly a 10% rise in the identification and management of open source risk compared with the previous year
For a more comprehensive analysis and exploration of industry-specific trends, interested individuals can download the full BSIMM14 report.