MOUNTAIN VIEW, Calif., Sept. 15, 2020 /PRNewswire/ -- Synopsys, Inc. (Nasdaq: SNPS) today published BSIMM11, the latest version of the Building Security In Maturity Model (BSIMM), created to help organizations plan, execute, measure, and improve their software security initiatives (SSIs). BSIMM11 reflects the software security practices observed across 130 firms from multiple industry verticals including financial services, FinTech, independent software vendors, cloud, healthcare, Internet of Things, insurance, and retail. BSIMM11 describes the work of 8,457 software security professionals who guide the efforts of over 490,000 developers.
BSIMM is used by organizations as a measuring stick to compare and contrast their own initiatives with the data from the broader BSIMM community. BSIMM11 shows that many organizations are adapting their software security efforts to support digital transformation and modern software development paradigms like DevOps.
Read the BSIMM11 Digest or download the full BSIMM11 study.
"The BSIMM is an excellent resource for security leaders interested in learning from the collective experiences of their peers, particularly to solve new or emerging challenges," said Mike Newborn, CISO of Navy Federal Credit Union, a member organization of the BSIMM community. "Today, most organizations face the challenge of securing a growing portfolio of applications against the backdrop of rapidly evolving and accelerating software development practices. BSIMM11 reflects how many of these organizations are adapting their software security strategies to protect themselves and their customers without stifling innovation or impeding the speed of development."
Emerging trends in BSIMM11
"The way modern software is built and deployed has transformed dramatically over the past few years, so naturally the efforts required to secure that software are changing as well," said Michael Ware, BSIMM co-author and senior director of technology at Synopsys. "Businesses are critically dependent on software, and modern methodologies have accelerated the speed of development. As a result, there is more software everywhere, and we still need to worry about all the pre-existing software. As a model that constantly evolves to represent the actual practices in use by hundreds of software security groups around the world, including some of the most advanced teams in the world, the BSIMM provides a near-real-time view into how these changes are being implemented to protect the growing software portfolios."
New activities in the BSIMM represent a shift toward DevSecOps
The three activities added to BSIMM10 saw exceptional growth within the past year (SM3.4 Integrate software-defined lifecycle governance, AM3.3 Monitor automated asset creation, CMVM3.5 Automate verification of operational infrastructure security). This reflects how some organizations are actively working to accelerate software security efforts to match the pace of software delivery. Furthermore, the two activities added in BSIMM11 represent a continuation of that trend (ST3.6 Implementing event-driven security testing, CMVM3.6 Publishing risk data for deployable artifacts).
BSIMM across industries
BSIMM provides unique, data-driven insight for understanding and comparing the relative strengths and weaknesses of software security initiatives across a variety of industries. Cloud, Internet of Things, and high technology firms are three of the most mature verticals in the BSIMM11 data pool. BSIMM11 also highlights differences between three highly regulated industries: financial services, healthcare, and insurance. The financial services industry, which had software security groups in place earlier than other industries, was seen to have more mature practices than its counterparts in healthcare and insurance. For the first time, the BSIMM presents data on the FinTech vertical, and finds that it tracks fairly closely to financial services, with the primary deltas (in favor of FinTech) occurring in the training, security testing, and code review practices.
For an interactive discussion of the key findings in BSIMM11, register for our October 15 webinar.
Acknowledgments
Sammy Migues, principal scientist at Synopsys, Michael Ware, senior director of technology at Synopsys, and John Steven, founding principal at Aedify Security, authored BSIMM11 after analyzing data collected over nearly 12 years of software security research. Some of the companies participating in the BSIMM study include: Adobe, Aetna, Alibaba, Ally Bank, Autodesk, Axway, Bank of America, Bell, BMO Financial Group, Black Knight Financial Services, Box, Canadian Imperial Bank of Commerce, City National Bank, Cisco, Citigroup, Dahua, Depository Trust & Clearing Corporation, Eli Lilly, Equifax, Experian, F-Secure, Fannie Mae, Freddie Mac, General Electric, Genetec, Global Payments, HCA Healthcare, Highmark Health Solutions, Honeywell, Horizon Healthcare Services, HSBC, iPipeline, Johnson & Johnson, JPMorgan Chase & Co., Lenovo, MassMutual, McKesson, Medtronic, Morningstar, Navient, Navy Federal Credit Union, NCR, NEC Platforms, NetApp, NewsCorp, NVIDIA, PayPal, Pegasystems, Principal Financial Group, Royal Bank of Canada, SambaSafety, ServiceNow, Synopsys, TD Ameritrade, The Home Depot, The Vanguard Group, Trainline, Trane, U.S. Bank, Veritas, Verizon, Verizon Media, Wells Fargo, and Zendesk.
About the BSIMM
Started in 2008, the Building Security In Maturity Model (BSIMM) is a tool for creating, measuring, and evaluating software security initiatives. A data-driven model and measurement tool developed through the careful study and analysis of over 200 software security initiatives, BSIMM11 includes current, real-world data from 130 organizations. The BSIMM is an open standard that includes a framework based on software security practices, which an organization can use to assess and mature its own efforts in software security. For more information, visit http://www.bsimm.com.
About the Synopsys Software Integrity Group
Synopsys Software Integrity Group helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle. Learn more at www.synopsys.com/software.
About Synopsys
Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software partner for innovative companies developing the electronic products and software applications we rely on every day. As the world's 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you're a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.
Editorial Contact: Mark Van Elderen, Synopsys, Inc., 650-793-7450
SOURCE Synopsys, Inc.