Synopsys study highlights growth of software security community
Synopsys has released BSIMM9, the latest version of the Building Security in Maturity Model (BSIMM) designed to help organisations plan, execute and measure their software security initiatives (SSIs).
The ninth iteration of BSIMM reflects data collected over a 10-year study of real-world SSIs across 120 firms. BSIMM9 highlights the impact of cloud transformation, the emergence of a new vertical industry – retail – represented in the data pool and the growth of the software security community.
“Development, security and operations teams need to align and BSIMM9 provides data suggesting this is taking place through automation, particularly as software shifts to the cloud,” said Dr Brian Chess, Senior Vice President of Infrastructure and Security for NetSuite at Oracle. “This is a huge move in the right direction – greater velocity and better security at the same time.”
BSIMM9 describes the work of more than 7,800 software security professionals whose work guides and maximises the security efforts of 415,000 developers across approximately 135,000 applications. BSIMM9 firms represent industry verticals including financial services, independent software vendors (ISVs), cloud, healthcare, Internet of Things (IoT), insurance and retail. Key findings from the BSIMM9 study:
• Cloud transformation: Firms are moving their workloads and development pipelines to the cloud – a paradigm shift that requires different approaches to software security. Three new activities directly or indirectly related to cloud transformation were observed and added to the BSIMM. Furthermore, activities observed among independent software vendors, IoT companies and cloud firms (three of the most prominent verticals) have begun to converge, suggesting that common cloud architectures require similar software security approaches.
• BSIMM across verticals: The BSIMM can be used to compare SSIs within and between verticals. A new vertical industry – retail – emerged in the BSIMM9 data. SSIs in retail are maturing relatively quickly as new models focused on e-commerce become critical to sustaining a healthy business. The retail vertical is already more mature in security than healthcare and insurance.
• Population growth: BSIMM9 includes data collected from 120 firms, up from 109 firms in BSIMM8. The number of software security practitioners it measures grew by 65% and the number of developers included grew by 43%. This notable growth in the BSIMM population indicates that software security is a growing priority.
[Photo caption: Dr Gary McGraw, Vice President of Security Technology at Synopsys]
“The BSIMM project has become a de facto standard for assessing and improving software security initiatives,” said Dr Gary McGraw, Vice President of Security Technology at Synopsys. “By measuring your firm with the BSIMM measuring stick, you can directly compare and contrast your security approach to some of the most mature firms in the world. BSIMM9 is the culmination of a decade of objective, observation-based work in the field and it incorporates the largest set of data collected about software security anywhere.”
Organisations can use the BSIMM to compare initiatives and determine which additional activities might be useful to support their overall strategies.

To download the report, visit bsimm.com/download.html.