Software Improvement Group research shows software build quality and security are strongly related: 2022 Benchmark Report
Based on 70 billion lines of code across 300+ technologies, the 2022 SIG Benchmark Report reveals the state of software build quality worldwide.
AMSTERDAM, June 21, 2022 – Software Improvement Group (SIG), the independent, globally leading institute for software analysis, published the Software Benchmark Report. Using the world’s largest software metrics database, containing measurements from 70 billion lines of code, SIG annually reviews software build quality and security and their impact on businesses worldwide.
The report reveals two main areas of concern:
Software supply chains are a ticking time bomb: We find a strong correlation between good build quality and the chance of security incidents. Stale and aging libraries of lower build quality have 2 times more risk of emerging security vulnerabilities. Enterprises need to urgently change the way development teams use and manage open source libraries.
Software security can’t be fixed with tools alone: Reviewing code earlier in the development process prevents weaknesses and mitigates security risks faster. Tools are valuable in managing software security, but they are only part of the solution because they have fundamental blind spots. Processes and people are crucial for a successful software security strategy.
“Organizations need to urgently address the way they deal with software development. Current open-source management practices are leaving vulnerabilities unresolved, which seriously increases the likelihood of enterprises being breached,” said Luc Brandts, Group CEO of SIG Holding. “It’s important that people understand the risks they are taking with adopting poorly built libraries. Our capabilities at SIG and Sigrid®, our software assurance platform, help clients avoid these threats and implement practices that improve the quality and security of their applications.”
Magiel Bruntink, Head of Research at SIG, commented, “We looked at data from over 13 years of software measurements, 7,500 systems, and 800,000 application inspections. We combine this data with state-of-the-art research projects on security code review, precise call chain technology, and new benchmarks, to help clients shift left on security and software supply chain issues.”
Get your copy of 2022 The Trends Shaping the Global Software Industry