If your organization relies heavily on third-party software, you’re still responsible for making sure it meets compliance requirements and protects customer data. Our vendor analysis puts third-party applications under the same scrutiny as the applications you develop in-house, so you know the code you receive is secure. When your full supply chain is aligned along the same security protocols and practices, you’ll decrease risk. Even better, you’ll also reduce the time and resources it takes to launch secure software.
Vendor Building Security In Maturity Model (vBSIMM) is a metrics-oriented audit that empowers you to measure the software security capabilities within an organization’s software development process.
The vBSIMM enables you to retroactively identify and manage the risk of third-party software. Security bugs often creep into software when developers inject “technical debt” into new builds by repurposing code originally developed for other applications or by a third party. The same risk arises when they incorporate open source code or components from code libraries into their work. As a result of our vendor analysis, you’ll be able to see which vendors you can trust and which need to improve their security posture to continue to be your partner.
“Only 20% of organizations evaluate the security of third parties with which they share data or network access.” (FS-ISAC)