The Evolution of Software Security Best Practices

0
7

Independent software vendors, along with Internet of Things and cloud vendors, are involved in a market transformation that is making them look more alike. The similarities are evident in the way they approach software security initiatives, according to a report from Synopsys.

Synopsys on Tuesday released its ninth annual Building Security in Maturity Model, or BSIMM9. The BSIMM project provides a de facto standard for assessing and then improving software security initiatives, the company said.

Based on 10 years of conducting the software study, it is clear that testing security correctly means being involved in the software development process, even as the process evolves, said Gary McGraw, vice president of security technology at Synopsys.

Using the BSIMM model, along with research from this year’s 120 participating firms, Synopsys evaluated each industry, determined its maturity, and identified which activities were present in highly successful software security initiatives, he told LinuxInsider.

“We have been tracking each of these vendors separately over the years,” McGraw said. “We are seeing that this whole cloud thing has moved beyond the hype cycle and is becoming real. As a result, the three categories of vendors are all beginning to look the same. They are all taking a similar approach to software security.”

The BSIMM is a multiyear study of real-world software security initiatives based on data gathered by more than 90 individuals in 120 firms. The report is a measuring stick for software security, according to Synopsys.

Its primary intent is to provide a basis for companies to compare and contrast their own initiatives with the model’s data about what other organizations are doing. Companies participating in the study then can identify their own goals and objectives. The companies can refer to the BSIMM to determine which additional activities make sense for them.

Synopsys captured the data for the BSIMM. Oracle provided resources for data analysis.

Synopsys’ new BSIMM9 report reflects the increasingly critical role that security plays in software development.

It is no exaggeration to say that from a security perspective, businesses have targets painted on their backs due to the value that their data assets represent to cybercriminals, noted Charles King, principal analyst at Pund-IT.

“Software can provide critical lines of defense to hinder or prevent incursions, but to be effective, security needs to be implemented across the development cycle,” he told LinuxInsider. “The BSIMM9 report nails some high points by emphasizing the growing importance of cloud computing for businesses.”