BSIMM 14 finds rapid growth in automated security technology

Corporations are rapidly adopting automated security technology, which is further enabling the “shift everywhere” security philosophy, according to the latest Building Security in Maturity Model (BSIMM) report released Tuesday by Synopsys.

BSIMM, now in its fourteenth year, is managed by Synopsys and based on interviews during a BSIMM assessment of 130 member companies, including Bank of America, Lenovo, Honeywell, and TD Ameritrade. After each assessment, the data is anonymized and added to a data pool where it is analyzed statistically to highlight trends about how the BSIMM companies are securing their software.

“Everyone has gone all-in on automation across a range of security functions, and that’s leading directly to better practices,” Jason Schmitt, general manager of the Synopsys Software Integrity Group, said in a statement. “Companies are seeing firsthand that eliminating human error with consolidated, integrated security tooling makes security programs more effective and affordable — a compelling combination.”

“With cyberattacks on the rise and coming from every angle, automation is proving essential to defend against myriad threats that are targeting software, while enabling companies to do more with less in this uncertain economy,” Schmitt added.

Automated security testing increases by 200%

The report noted that greater automation has enabled organizations to embrace the shift everywhere philosophy, with automated, event-driven security testing increasing by 200% over the last two years. It added that automation has led to a 68% growth in mandatory code review in the last five years and greater toolchain usage, which allows for security testing to be automated in the QA stage of the development lifecycle.

The report also found that expert-driven activities that are not easy to automate took a hit. Activities like centralized defect reporting and attack lists decreased by 17% across the BSIMM companies. “Those activities have seen a decline because relying on humans makes them more expensive, even though they provide really good benefits,” BSIMM Associate Principal Consultant Jamie Boote tells CSO. “We think that’s the thumbprint of the economy on security.”