New study shows healthcare industry lagging behind in software security
Cigital, an industry leader in software security solutions, released data today from BSIMM6, the latest from the industry’s first and only software security measurement tool built on real-world data. BSIMM6 also marks the addition of the healthcare industry, providing healthcare organizations a critical mass of data to help them assess, compare, and contrast their software security initiative with others in the industry. The data, following on the heels of the Anthem and UCLA Health data breaches, confirm underlying issues in healthcare software security practices.
Adding the healthcare industry deepens the BSIMM data set and provides a sharp view of the value of the BSIMM. The BSIMM data for healthcare clearly demonstrates that healthcare organizations lag in software security practices, falling significantly behind independent software vendors, financial services firms, and even consumer electronics providers. For healthcare organizations looking to address the problem, the BSIMM provides an objective measurement of an organization’s software security initiative and where these measurements fall within their industry. The data and associated context enable firms to plan a roadmap built on science to mature their software security initiative.
Jim Routh, Chairman of NH-ISAC concurs, “BSIMM continues to be the authoritative source of observed practices and activities from the most mature software security programs across industries and BSIMM6 offers excellent trend analysis compared with past data points indicating the evolution of software security maturity.”
“We are very proud of the growth of the BSIMM data set and of its accuracy,” said Dr. Gary McGraw, CTO of Cigital. “The addition of healthcare in BSIMM6 enriches the model and shows growing awareness of all verticals toward measuring their software security initiative. The healthcare data show that the industry has plenty to learn from other industries when it comes to software security. Fortunately, the BSIMM community is set up to facilitate and accelerate that learning.”
Dr. McGraw, along with Jacob West, Chief Architect at NetSuite, and Sammy Migues, Principal at Cigital, analyzed data collected during the past seven years of software security research. Cigital is grateful for the participation of companies such as Adobe, Aetna, ANDA, Autodesk, Bank of America, Black Knight Financial Services, BMO Financial Group, Box, Capital One, Cisco, Citigroup, Comerica, Cryptography Research, Depository Trust and Clearing Corporation, Elavon, EMC, Epsilon, Experian, Fannie Mae, Fidelity, F-Secure, HP Fortify, HSBC, Intel Security, JPMorgan Chase & Co., Lenovo, LinkedIn, Marks & Spencer, McKesson, NetApp, NetSuite, Neustar, Nokia, NVDIA, PayPal, Pearson Learning Technologies, Qualcomm, Rackspace, Salesforce, Siemens, Sony Mobile, Symantec, The Advisory Board, The Home Depot, TheTrainline.com, TomTom, U.S. Bank, Vanguard, Visa, VMware, Wells Fargo, and Zephyr Health, which allowed us to arrive at the conclusions found in BSIMM6.