Software security groups increased use of open source tech by 61% over 2 years

BSIMM12 data indicates a 61% increase in software security groups’ identification and management of open source over the past two years, almost certainly due to the prevalence of open source components in modern software and the rise of attacks using popular open source projects as vectors.

The growth in activities related to cloud platforms and container technologies shows the dramatic effect these technologies have had on how organizations use and secure software. For instance, the Building Security In Maturity Model (better known as BSIMM) made only 5 observations of “use orchestration for containers and virtualized environments” in BSIMM10, while it made 33 observations two years later for BSIMM12 — an increase of 560%.

Another emerging trend observed in the BSIMM12 analysis is that companies are learning how to translate risk into numbers. Organizations are putting more effort into gathering and publishing their software security initiative data, demonstrated by a 30% increase in the “publish data about software security internally” activity over the past 24 months.

BSIMM12 data also shows an increase in capabilities focused on inventorying software; creating a software bill of materials (BOM); understanding how the software was built, configured, and deployed; and the organization’s ability to redeploy based on security telemetry.

Demonstrating that many organizations have taken to heart the need for a complete, up-to-date software BOM, the BSIMM activity related to these capabilities — “enhance application inventory with operations bill of materials” — increased from 3 to 14 observations over the past two years, a 367% increase.

The move from maintaining traditional operational inventories toward automated asset discovery and creating bills of materials involves adding “shift everywhere” activities such as using containers to enforce security controls, orchestration, and scanning infrastructure as code.

BSIMM has grown from nine participating organizations in 2008 to 128 in 2021, now with almost 3,000 software security group members and more than 6,000 satellite members (aka “security champions”).

This 2021 edition of the BSIMM report — BSIMM12 — examines anonymized data from the software security activities of 128 organizations across different verticals, such as financial services, FinTech, independent software vendors, IoT, healthcare, and technology organizations.

Read the complete report by BSIMM.

Originally appeared on: TheSpuzz

