September 29, 2021 2:20 PM
BSIMM12 data indicates a 61% increase in software security groups’ identification and management of open source over the past two years, almost certainly due to the prevalence of open source components in modern software and the rise of attacks using popular open projects as vectors.
The growth in activities related to cloud platforms and container technologies shows the dramatic impact these technologies have had on how organizations use and secure software. For example, the Building Security In Maturity Model (better known as BSIMM) recorded only five observations of “use orchestration for containers and virtualized environments” in BSIMM10, but 33 observations two years later in BSIMM12, an increase of 560%.
Another emerging trend observed in the BSIMM12 research is that businesses are learning how to translate risk into numbers. Organizations are exerting more effort to collect and publish their software security initiative data, demonstrated by a 30% increase in the “publish data about software security internally” activity over the past 24 months.
BSIMM12 data also shows an increase in capabilities focused on inventorying software; creating a software bill of materials (BOM); understanding how the software was built, configured, and deployed; and the organization’s ability to redeploy based on security telemetry.
Demonstrating that many organizations have taken to heart the need for a comprehensive up-to-date software BOM, the BSIMM activity related to those capabilities — “enhance application inventory with operations bill of materials” — increased from 3 to 14 observations over the past two years, a 367% increase.
The move from maintaining traditional operational inventories toward automated asset discovery and bills of materials also brings in “shift everywhere” activities such as using containers to enforce security controls, orchestration, and scanning infrastructure as code.
BSIMM has grown from nine participating companies in 2008 to 128 in 2021, with now nearly 3,000 software security group members and over 6,000 satellite members (aka “security champions”).
This 2021 edition of the BSIMM report — BSIMM12 — examines anonymized data from the software security activities of 128 organizations across various verticals, including financial services, FinTech, independent software vendors, IoT, healthcare, and technology organizations.
Read the full report by BSIMM.