The rapid adoption of the cloud has led companies to increasingly secure open-source components in modern software.
The newly released 12th Building Security In Maturity Model (BSIMM12) report found a 61% increase in software security groups’ identification and management of open source over the past two years.
The report was created by Synopsys, a company that focuses on software security and quality.
Synopsys gathered data from 128 firms from multiple industry verticals including financial services, independent software vendors, cloud, health care, and IoT. It describes the work of nearly 3,000 software security group members and over 6,000 satellite members.
The increased security for open-source components is both due to the prevalence of open-source components and the rise of attacks on those popular components, according to the report.
Security leaders are prioritizing cloud and open-source capabilities by developing in-house capabilities for managing cloud security rather than having a reliance on cloud vendors, and also, organizations are placing increased emphasis on software suppliers and open-source risk management.
The report also found a 30% increase in the “publish data about software security internally” activity over the past 24 months, meaning that organizations are exerting more effort to collect and publish their software security initiative data.
Software Bill of Materials activities increased by 367%, which shows an emphasis on understanding how software is built, configured, and deployed, and it increased the organizations’ ability to re-deploy based on security telemetry.
Also, security teams are lending resources, staff, and knowledge to DevOps practices, and the concept of “shift left” progressed to “shift everywhere,” according to the report. “Shift everywhere” encourages companies to use containers to enforce security controls, orchestration, and scanning infrastructure as code.
