Software Improvement Group research shows software build quality and security are strongly related: 2022 Benchmark Report
Based on 70 billion lines of code across 300+ technologies, the 2022 SIG Benchmark Report reveals the state of software build quality worldwide.
AMSTERDAM, June 21, 2022 /PRNewswire/ -- Software Improvement Group (SIG), the independent global leading institute in analyzing software, published the Software Benchmark Report. Using the world's largest software metrics database, containing measurements from 70 billion lines of code, SIG annually reviews software build quality and security and its impact on businesses worldwide.
The report reveals two main areas of concern:
Software Supply Chains are a ticking time bomb: We find a strong correlation between good build quality and the chance of security incidents. Stale and aging libraries of lower build quality have 2 times more risk of emerging security vulnerabilities. Enterprises need to urgently change the way development teams use and manage open source libraries.
Software Security can't be fixed with tools alone: Reviewing code earlier in the development process prevents weaknesses and mitigates security risks faster. Tools are valuable in managing software security but are only part of the solution because they have fundamental blind spots. Processes and people are crucial for a successful software security strategy.
"Organizations need to urgently address the way they deal with software development. Current open-source management practices are leaving vulnerabilities unresolved, which seriously increases the likelihood of enterprises being breached," said Luc Brandts, Group CEO of SIG Holding. "It's important that people understand the risks they are taking with adopting poorly built libraries. Our capabilities at SIG and Sigrid®, our software assurance platform, help clients avoid these threats and implement practices that improve the quality and security of their applications."
Magiel Bruntink, Head of Research at SIG, commented, "We looked at data from over 13 years of software measurements, 7,500 systems, and 800,000 application inspections. We combine this data with state-of-the-art research projects on security code review, precise call chain technology, and new benchmarks, to help clients shift left on security and software supply chain issues."
Request complimentary access to the report.
End press release
About SIG
Software Improvement Group (SIG) helps organizations trust the technology they depend on. We combine our intelligent technology with our human expertise to dig deep into the build quality of enterprise software and architecture – measuring, monitoring, and benchmarking it against the world's largest software analysis database.
The SIG software analysis laboratory is the first and largest one in the world accredited according to ISO/IEC 17025 for software quality analysis. Founded in 2000, SIG is headquartered in Amsterdam, with offices in New York, Copenhagen, Antwerp and Frankfurt, and has clients in all industries and on all continents.
Learn more: www.softwareimprovementgroup.com
SOURCE Software Improvement Group (SIG)