Skip to main content
close search
site logo
Dive Brief

Organizations rapidly shift tactics to secure the software supply chain

Synopsys’ 13th annual BSIMM study shows rapid increases in automation and use of SBOMs among software producers and other organizations.

Published Sept. 22, 2022
David Jones's headshot
Reporter
Concept with expert setting up automated software on laptop computer.
NicoElNino via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Some of the nation’s largest companies have made significant changes in how they develop and test their software products amid a rapid increase in supply chain attacks, according to a report from Synopsys. 
  • Over the last 12 months, organizations increased efforts to control open source security risk by 51%, according to the 13th annual Building Security in Maturity Model report. Among those changes to improve security, there was a 30% increase in the use of software bills of materials, the study indicated. About 130 BSIMM member organizations, including PayPal, Adobe, Lenovo and others, were part of the study.
  • About 82% of BSIMM member organizations are now using automated tools to review their software code, a change that enables faster security testing and helps organizations find software vulnerabilities in a more efficient manner.

Dive Insight:

The BSIMM study demonstrates a significant shift in software security tactics over the past 12 months, driven in part by the surge in supply chain attacks, including SolarWinds, Kaseya and others over the last two years. 

Organizations are dedicating much more time and effort into monitoring the security of open-source software and automating their testing processes amid a shortage of qualified workers to efficiently test software. 

“Companies are leveraging automation, such as software composition analysis tools, to identify open source, create bills of materials for deployed software, and newly added perform application composition analysis on code repositories activity,” Eli Erlikhman, managing principal at Synopsys Software Integrity Group, said via email. 

The study comes amid an effort by the Biden administration to bolster the security of software used by federal agencies. Authorities hope these new requirements will expand to the broader software industry. 

The administration has also been working with private-sector partners to encourage more developers to strengthen their software security practices on the front end, before that software is sent to market.

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell