• Tech News
    • Games
    • Pc & Laptop
    • Mobile Tech
    • Ar & Vr
    • Security
  • Startup
    • Fintech
  • Reviews
  • How To
What's Hot

Tech layoffs at big companies could be a boon for startups and entrepreneurship – Startup

January 29, 2023

ADS-B Exchange, the Flight Tracker That Powered @ElonJet, Sold to Jetnet

January 29, 2023

Is A Recession A Good Time To Start A New Business?

January 29, 2023
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
    1. Games
    2. Pc & Laptop
    3. Mobile Tech
    4. Ar & Vr
    5. Security
    6. View All

    Bring Elden Ring to the table with the upcoming board game adaptation

    September 19, 2022

    ONI: Road to be the Mightiest Oni reveals its opening movie

    September 19, 2022

    GTA 6 images and footage allegedly leak

    September 19, 2022

    Wild west adventure Card Cowboy turns cards into weird and silly stories

    September 18, 2022

    7 Reasons Why You Should Study PHP Programming Language

    October 19, 2022

    Logitech MX Master 3S and MX Keys Combo for Business Gen 2 Review

    October 9, 2022

    Lenovo ThinkPad X1 Carbon Gen10 Review

    September 18, 2022

    Lenovo IdeaPad 5i Chromebook, 16-inch+120Hz

    September 3, 2022

    YouTube adds very convenient iPhone homescreen widgets

    October 15, 2022

    Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

    October 14, 2022

    Is Apple actually turning iMessage into AIM or is this sketchy redesign rumor for laughs?

    October 14, 2022

    Samsung’s One UI 5 update is largely about personalization

    October 14, 2022

    MeetKai launches AI-powered metaverse, starting with a billboard in Times Square

    August 10, 2022

    The DeanBeat: RP1 simulates putting 4,000 people together in a single metaverse plaza

    August 10, 2022

    Improving the customer experience with virtual and augmented reality

    August 10, 2022

    Why the metaverse won’t fall to Clubhouse’s fate

    August 10, 2022

    How Apple privacy changes have forced social media marketing to evolve

    October 16, 2022

    Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

    October 16, 2022

    Decentralization and KYC compliance: Critical concepts in sovereign policy

    October 15, 2022

    What Thoma Bravo’s latest acquisition reveals about identity management

    October 14, 2022

    What is a Service Robot? The vision of an intelligent service application is possible.

    November 7, 2022

    Tom Brady just chucked another Microsoft Surface tablet

    September 18, 2022

    The best AIO coolers for your PC in 2022

    September 18, 2022

    YC’s Michael Seibel clarifies some misconceptions about the accelerator • DailyTech

    September 18, 2022
  • Startup
    • Fintech
  • Reviews
  • How To
Behind The ScreenBehind The Screen
Home»Security»Report: 90% of orgs have software security checkpoints in their software development lifecycle (SDLC)
Security

Report: 90% of orgs have software security checkpoints in their software development lifecycle (SDLC)

September 23, 2022No Comments4 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Report: 90% of orgs have software security checkpoints in their software development lifecycle (SDLC)
Share
Facebook Twitter LinkedIn Pinterest Email

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.


According to the latest edition of the annual Synopsys Building Security In Maturity Model (BSIMM) report, 90% of the member organizations surveyed have established software security checkpoints in their software development lifecycle (SDLC), indicating that this is an important step to success in their software security initiatives.

Additionally, there was a 51% increase in activities associated with controlling open-source risk over the last 12 months, as well as a 30% increase in organizations building and maintaining a software bill of materials (SBOM).

About the Synopsys BSIMM

Started in 2008, the BSIMM is a tool for creating, measuring and evaluating software security initiatives. It uses a data-driven model leveraging the industry’s largest dataset of worldwide cybersecurity practices. BSIMM was developed through the careful study and analysis of more than 200 software security initiatives.

Image source: Synopsys

The BSIMM13 report analyzed the software security practices across 130 enterprise organizations — including 48 Fortune 500 companies such as Adobe, Bank of America and Lenovo — in their cumulative efforts to secure more than 145,000 applications built and maintained by nearly 410,000 developers. 

Event

MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

The findings highlight significant increase in activities that indicate BSIMM member organizations are implementing a “shift everywhere” approach to perform automated and continuous security testing throughout the SDLC and manage risk across their complete application portfolio.

See also  API safety strikes mainstream | WeLiveSecurity

Year-over-year trends

One way to examine differences between last year’s BSIMM12 and BSIMM13 is to look for trends, such as a high growth in observation rates among common activities. For example, the observation rate for six activities below grew at 20% or higher in BSIMM13 observations compared to last year. This includes the following:

  • 34% implement cloud security controls.
  • 27% make code review mandatory for all projects.
  • 25% create a standards review process.
  • 25% gather and use attack intelligence.
  • 24% identify open source.
  • 20% require security sign-off for compliance-related risk.     
Image source: Synopsys.

Taking action

Whether organizations are in the process of creating a software security initiative or maintaining a mature program, BSIMM13 data indicates they should be considering the following key actions:

Put automated software security tools into place 

Whether used for static or dynamic testing or software composition analysis, these tools can help remedy defects and identify known vulnerabilities in your software, whether that software was developed in-house, is commercial third-party software, or is open source.

Use data to drive security decisions

Collect and combine data from your security testing tools and use that data to create and enforce software security policies. Gather data on what testing was performed and what issues were discovered to drive security improvements in both the software development lifecycle and your governance processes.

Move toward automating security testing and decisions

Move away from human-intensive manual approaches to more effective, consistent, and repeatable automated approaches.

Move to smaller, automated checks within the SDLC

Whenever possible, replace manual activities such as pen testing or manual code review with smaller, faster, pipeline-driven, testing whenever there is an opportunity to check software. 

See also  Google Cloud rebrands Siemplify to Chronicle Security Operations

Create a comprehensive SBOM as soon as possible

A software bill of materials should inventory your assets, along with open source and third-party code.

The BSIMM is an open standard that includes a framework based on software security practices, which an organization can use to assess and mature its own efforts in software security.

BSIMM methodology

BSIMM data originates in interviews conducted with member firms during a BSIMM assessment. After each assessment, the observation data is anonymized and added to the BSIMM data pool, where statistical analysis is performed to highlight trends in how BSIMM firms are securing their software.

Read the full report from Synopsis.

Source link

checkpoints development lifecycle orgs report SDLC security software
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Can The Entrepreneurial Development Ecosystem Create More Unicorns By Splitting In 2?

January 24, 2023

A Damning US Report Lays Bare Amazon’s Worker Injury Crisis

January 19, 2023

Contract lifecycle management startup SirionLabs raises $25M – Startup

January 16, 2023

The only eCommerce CRM software you need

December 22, 2022
Add A Comment

Comments are closed.

Editors Picks

Steam now has support for Nintendo Joy-Cons in beta

August 7, 2022

Looking For A Board Advisor? Eight Traits That Make Up A Quality Candidate

October 7, 2022

How to pre-order the Samsung Galaxy Watch 5 and Watch 5 Pro

August 11, 2022

Meta VR headsets to stop requiring Facebook accounts

July 8, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Tech layoffs at big companies could be a boon for startups and entrepreneurship – Startup

ADS-B Exchange, the Flight Tracker That Powered @ElonJet, Sold to Jetnet

Is A Recession A Good Time To Start A New Business?

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2023 behindthescreen.uk - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.