If you care about software security—and you should, since to be in business today means that no matter what you do or produce, you’re also a software company—you should be interested in the Building Security In Maturity Model (BSIMM). It can serve as a roadmap to better security.

Security and development teams are increasingly adopting DevOps methodologies. However, traditional security tools bolted onto the development process often cause friction, decrease velocity, and require time-consuming manual processes. Manual tools and legacy AppSec approaches limit security teams’ ability to deliver the timely and actionable security feedback needed to drive improvements at the pace of modern development.

Organizations are increasingly agile today, producing and deploying software applications faster than ever before. But this requires all the elements in the software development life cycle (SDLC) to work together cohesively. Security practices in the SDLC become especially important, given that more than half of security flaws result from preventable coding mistakes. Ensuring that developers are on board with security practices is even more critical to improve the process efficiency.

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991.

The first software development team I worked on operated on the follow mantra: Make it work. Then, make it fast. Then, make it elegant (maybe). Meaning, don’t worry about performance optimizations until your code actually does what it’s supposed to do, and don’t worry about code maintainability until after you know it both works and performs well. Users generally have no idea how maintainable the code is, but they do know if the application is broken or slow.

In 2019, the Black Duck® Audit Services team audited 1,253 codebases to identify open source components, their associated licenses, security vulnerabilities, and overall community activity. Our Audit Services team has extensive experience in not only identifying open source licenses, but also researching the more than 2,700 license permutations that exist in the open source world. But what happens when an open source component has no license at all?

If you want to stay current, you have to keep up with what’s trending, no matter if it’s politics, healthcare, education, finance, or entertainment. Or software security, which in a connected world is behind everything on that list above. Software isn’t just important, it’s essential. The world as we know it wouldn’t function or even exist without it.