The automation of software security functions is experiencing a significant surge, according to the latest edition of the Building Security In Maturity Model (BSIMM) report from Synopsys. The research highlights a growing trend towards a ‘shift everywhere’ culture, where security tests are conducted throughout the entire software development life cycle, across more organizations.
The report reveals that automation has resulted in a 68 percent increase in mandatory code review over the past five years. Due to recent economic conditions, activities that are difficult to automate and heavily reliant on subject matter experts have been reduced. Centralized defect reporting and attack lists have experienced a decline in usage by more than 17 percent.
Another significant development is the greater utilization of toolchain technology by organizations. This modern toolchain technology enables automated security testing in the QA stage, leading to a 10 percent growth in various related security activities.
Jason Schmitt, the general manager of the Synopsys Software Integrity Group, explains the benefits of automation, stating, “Everyone has gone all-in on automation across a range of security functions, and that’s leading directly to better practices. Companies are seeing first-hand that eliminating human error with consolidated, integrated security tooling makes security programs more effective and affordable — a compelling combination.”
The report also uncovered that firms with security champion programs, consisting of developers, QA analysts, or architects in a security-enabler role, achieved an average 25 percent higher BSIMM score than firms without such initiatives. Additionally, businesses are placing higher demands on their service providers and partners in terms of security measures.
Automation is proving to be an essential defense against the increasing number of cyberattacks targeting software. Furthermore, given the uncertain economic climate, automation allows companies to achieve more with fewer resources.
In conclusion, the latest BSIMM report demonstrates the rapid growth of automation in software security functions. This shift is leading to enhanced practices and cost-effectiveness in security programs, with automated testing throughout the software development life cycle becoming a standard practice. As cyber threats continue to proliferate, automation is crucial in safeguarding software and enabling companies to navigate an ever-evolving landscape efficiently.