NTT DATA Enters Global Application Security Agreement with Synopsys

NTT DATA and the Synopsys Software Integrity Group today announced a global collaboration to defend against cybersecurity threats in the software supply chain.

This collaboration builds on NTT DATA’s recently announced global cybersecurity strategy and enhances the application security capabilities of its global cybersecurity services portfolio. The two companies are introducing a broad portfolio of application security solutions that enable organizations to manage risk at scale, establish effective compliance, pinpoint and fix software vulnerabilities, and centralize policies and reporting.

NTT DATA plans to integrate elements of the Synopsys Software Integrity Group’s Polaris Software Integrity platform into its solution portfolio, including Synopsys Black Duck software composition analysis (SCA) and Synopsys Coverity static application security testing (SAST).

By leveraging these solutions, NTT DATA will be able to visualize vulnerabilities in open-source software (OSS) libraries or user source code included in the software components of commercial applications developed by NTT DATA, as well as applications developed by clients. Based on the vulnerability information provided by Synopsys, NTT DATA will offer advisory services to enhance security in the software development cycle, as well as provide clients with managed security detection and response services. This will enable NTT DATA to create one picture of risk and transform application security so that clients can improve their risk posture and the AppSec program’s total cost of ownership.

As Synopsys explains in its latest Building Security In Maturity Model (BSIMM) report, the use of automated security technology is growing rapidly. Firms are increasingly taking advantage of security automation to enhance manual, subject matter expert–driven security activities, reducing cost and improving effectiveness. Greater automation has enabled organizations to embrace the shift-everywhere philosophy, with automated, event-driven security testing increasing by 200% over the last two years.

Organizations have also made valuable strides in improving their culture of security. In fact, BSIMM14 found that organizations are demanding more from service providers and partners. Expectations for strong vendor security practices grew by 21% as firms held vendors to standards similar to those they use internally.

Additionally, software supply chain practices are gaining traction. Organizations are increasingly building software bills of materials (SBOMs), with a 22% increase in SBOM creation from last year. And when it comes to open-source awareness, identifying and controlling open-source risk increased by just under 10% from last year.