DULLES, Va.--(BUSINESS WIRE)--Cigital Inc., the industry leader in software security solutions, released data today from BSIMM6, the latest from the industry’s first and only software security measurement tool built on real-world data. BSIMM6 also marks the addition of the healthcare industry, providing healthcare organizations a critical mass of data to help them assess, compare, and contrast their software security initiative with others in the industry. The data, following on the heels of the Anthem and UCLA Health data breaches, confirm underlying issues in healthcare software security practices.
Adding the healthcare industry deepens the BSIMM data set and provides a sharp view of the value of the BSIMM. The BSIMM data for healthcare clearly demonstrates that healthcare organizations lag in software security practices, falling significantly behind independent software vendors, financial services firms, and even consumer electronics providers. For healthcare organizations looking to address the problem, the BSIMM provides an objective measurement of an organization’s software security initiative and where these measurements fall within their industry. The data and associated context enable firms to plan a roadmap built on science to mature their software security initiative.
Jim Routh, Chairman of NH-ISAC, concurs, “BSIMM continues to be the authoritative source of observed practices and activities from the most mature software security programs across industries and BSIMM6 offers excellent trend analysis compared with past data points indicating the evolution of software security maturity.”
“We are very proud of the growth of the BSIMM data set and of its accuracy,” said Dr. Gary McGraw, CTO of Cigital. “The addition of healthcare in BSIMM6 enriches the model and shows growing awareness of all verticals toward measuring their software security initiative. The healthcare data show that the industry has plenty to learn from other industries when it comes to software security. Fortunately, the BSIMM community is set up to facilitate and accelerate that learning.”
Dr. McGraw, along with Jacob West, Chief Architect at NetSuite, and Sammy Migues, Principal at Cigital, analyzed data collected during the past seven years of software security research. Cigital is grateful for the participation of companies such as Adobe, Aetna, ANDA, Autodesk, Bank of America, Black Knight Financial Services, BMO Financial Group, Box, Capital One, Cisco, Citigroup, Comerica, Cryptography Research, Depository Trust and Clearing Corporation, Elavon, EMC, Epsilon, Experian, Fannie Mae, Fidelity, F-Secure, HP Fortify, HSBC, Intel Security, JPMorgan Chase & Co., Lenovo, LinkedIn, Marks & Spencer, McKesson, NetApp, NetSuite, Neustar, Nokia, NVIDIA, PayPal, Pearson Learning Technologies, Qualcomm, Rackspace, Salesforce, Siemens, Sony Mobile, Symantec, The Advisory Board, The Home Depot, TheTrainline.com, TomTom, U.S. Bank, Vanguard, Visa, VMware, Wells Fargo, and Zephyr Health, which allowed us to arrive at the conclusions found in BSIMM6.
Other highlights of the report include the top 12 activities frequently performed by the most mature software security initiatives. To download the report, visit https://www.bsimm.com/download/.
For additional details about BSIMM6, please attend Cigital’s webinar on Tuesday, November 10 at 11:00am ET, entitled “BSIMM: Bringing Science to Software Security.” By joining this webinar, attendees will learn what BSIMM is and how organizations can apply this information to their security programs and build a more effective roadmap for the future. To register, please visit: https://cigitalevents.webex.com/cigitalevents/onstage/g.php?MTID=ea19c38aa656abd256f5a6469d5d37961
Started in 2008, the Building Security in Maturity Model (BSIMM) is a tool for measuring and evaluating software security initiatives. A data-driven model and measurement tool developed through the careful study and analysis of software security initiatives, BSIMM includes real-world data from over 100 organizations. The BSIMM is an open standard that includes a framework based on software security practices, which an organization can use to assess its own efforts in software security. For more information, visit https://www.bsimm.com.
Cigital is one of the world’s largest application security firms. We go beyond traditional testing services to help organizations find, fix, and prevent vulnerabilities in the applications that power their business. Our holistic approach to application security offers a balance of managed services, professional services, and products tailored to fit your specific needs. We don’t stop when the test is over. Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure applications. Our proactive methods help clients reduce costs, speed time to market, improve agility to respond to changing business pressures and threats, and focus resources where they are needed most.
Cigital is headquartered near Washington, D.C., with regional offices throughout North America, Europe, and India. For more information, visit: https://www.cigital.com