MOUNTAIN VIEW, Calif., Oct. 2, 2018 /PRNewswire/ -- Synopsys, Inc. (Nasdaq: SNPS) today released BSIMM9, the latest version of the Building Security In Maturity Model (BSIMM) designed to help organizations plan, execute, and measure their software security initiatives (SSIs). The ninth iteration of BSIMM reflects data collected over a 10-year study of real-world SSIs across 120 firms. BSIMM9 highlights the impact of cloud transformation, the emergence of a new vertical industry—retail—represented in the data pool, and the growth of the software security community. To download the report, visit www.bsimm.com/download.html.
"Development, security, and operations teams need to align, and BSIMM9 provides data suggesting this is taking place through automation, particularly as software shifts to the cloud," said Dr. Brian Chess, senior vice president of infrastructure and security for NetSuite at Oracle. "This is a huge move in the right direction: greater velocity and better security at the same time."
BSIMM9 describes the work of more than 7,800 software security professionals whose work guides and maximizes the security efforts of 415,000 developers across approximately 135,000 applications. BSIMM9 firms represent industry verticals including financial services, independent software vendors (ISVs), cloud, healthcare, Internet of Things (IoT), insurance, and retail.
Key findings from the BSIMM9 study:
- Cloud transformation: Firms are moving their workloads and development pipelines to the cloud—a paradigm shift that requires different approaches to software security. Three new activities directly or indirectly related to cloud transformation were observed and added to the BSIMM. Furthermore, activities observed among independent software vendors, IoT companies, and cloud firms (three of the most prominent verticals) have begun to converge, suggesting that common cloud architectures require similar software security approaches.
- BSIMM across verticals: The BSIMM can be used to compare SSIs within and between verticals. A new vertical industry—retail—emerged in the BSIMM9 data. SSIs in retail are maturing relatively quickly as new models focused on e-commerce become critical to sustaining a healthy business. The retail vertical is already more mature in security than healthcare and insurance.
- Population growth: BSIMM9 includes data collected from 120 firms, up from 109 firms in BSIMM8. The number of software security practitioners it measures grew by 65 percent, and the number of developers included grew by 43 percent. This notable growth in the BSIMM population indicates that software security is a growing priority.
"The BSIMM project has become a de facto standard for assessing and improving software security initiatives," said Dr. Gary McGraw, vice president of security technology at Synopsys. "By measuring your firm with the BSIMM measuring stick, you can directly compare and contrast your security approach to some of the most mature firms in the world. BSIMM9 is the culmination of a decade of objective, observation-based work in the field, and it incorporates the largest set of data collected about software security anywhere."
The BSIMM includes data collected from firms that have established real SSIs, quantifying the occurrence of 116 activities to show the common ground shared by many initiatives as well as the variations that make each initiative unique. The BSIMM data shows that high-maturity initiatives are well-rounded, carrying out numerous activities in all 12 of the practices described by the model. Organizations can use the BSIMM to compare initiatives and determine which additional activities might be useful to support their overall strategies.
Acknowledgments
Dr. McGraw, along with Sammy Migues, principal scientist at Synopsys, and Jacob West, vice president of cloud operations for NetSuite at Oracle, analyzed data collected over the past 10 years of software security research. Some of the companies participating in the assessments include Adobe, The Advisory Board Company, Aetna, Alibaba Group, Amgen, Anda, Autodesk, Axway, Bank of America, Betfair, BMO Financial Group, Black Duck Software, Black Knight, Box, Canadian Imperial Bank of Commerce, Capital One, City National Bank, Cisco, Citigroup, Citizens Bank, Comerica Bank, Cryptography Research (a division of Rambus), Dahua, Depository Trust & Clearing Corporation, Ellucian, Experian, F-Secure, Fannie Mae, Fidelity, Freddie Mac, General Electric, Genetec, Global Payments, Highmark Health, The Home Depot, Horizon Healthcare Services, HSBC, Independent Health, iPipeline, Johnson & Johnson, JPMorgan Chase, Lenovo, LGE, McKesson, Medtronic, Morningstar, Navient, NCR, NetApp, News Corp, Nvidia, NXP Semiconductors, PayPal, Principal Financial Group, Qualcomm, Royal Bank of Canada, Scientific Games, Sony Mobile, Splunk, Synopsys, Target, TD Ameritrade, Trainline, Trane, U.S. Bank, The Vanguard Group, Veritas, Verizon, Wells Fargo, Zendesk, and Zephyr Health.
About the BSIMM
Started in 2008, the Building Security In Maturity Model (BSIMM) is a tool for measuring and evaluating software security initiatives. A data-driven model and measurement tool developed through the careful study and analysis of software security initiatives, the BSIMM includes real-world data from more than 100 organizations. The BSIMM is an open standard that includes a framework based on software security practices, which an organization can use to assess its own efforts in software security. For more information, visit www.bsimm.com.
About the Synopsys Software Integrity Platform
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle. Learn more at www.synopsys.com/software.
About Synopsys
Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As the world's 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you're a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.
Editorial Contacts:
Mark Van Elderen
Synopsys, Inc.
650-793-7450
mark.vanelderen@synopsys.com
Simone Souza
Synopsys, Inc.
650-584-6454
simone@synopsys.com
View original content: http://www.prnewswire.com/news-releases/synopsys-releases-bsimm9-study-highlighting-impact-of-cloud-transformation-and-growth-of-software-security-community-300722542.html
SOURCE Synopsys, Inc.