The use of automated security technology is growing rapidly, leading to a “shift everywhere” approach to security testing throughout the software development life cycle. According to Synopsys, organizations are increasingly adopting security automation to replace manual activities, resulting in cost reduction and improved effectiveness.
One notable trend is the increased adoption of advanced automation strategies: automated event-driven security testing has increased by 200% over the last two years. The “shift everywhere” philosophy focuses on giving security stakeholders the information they need to make informed risk management decisions, rather than simply increasing security spending or effort.
Many organizations are expanding their automation tactics beyond defect discovery, addressing supply chain risks and taking a holistic approach to securing their applications and products. The introduction of AI into ecosystems has increased productivity, but it also introduces new attack surfaces and risks.
The rise of automation has also led to a 68% growth in mandatory code review in the last five years, but it has reduced expensive, subject matter expert-driven activities that are difficult to automate.
Furthermore, organizations are embracing modern toolchain technology that allows automation of security testing in the Quality Assurance (QA) stage, resulting in a 10% growth in related security activities. Jason Schmitt, GM of the Synopsys Software Integrity Group, emphasized that automation is essential for defending against cyber threats while enabling companies to do more with less.
The report also highlighted the progress made by firms in improving the culture of security at their organizations. Firms with security champion programs saw an average 25% higher Building Security In Maturity Model (BSIMM) score. Additionally, firms are demanding more from service providers and partners, with expectations for strong vendor security practices increasing by 21%.
While many trends are positive, some companies have seen reduced security budgets, leading to declines in manual security tasks as teams focus on maximizing their return on investment through automation.