CIO News Hubb

Building a More Secure AppDev Process

by admin
April 10, 2022


Enterprises that integrate security testing into their CI/CD pipeline fix 91.4 percent of new issues, according to a progress report from ShiftLeft.

Recent software supply chain attacks illustrate the growing risks businesses, their partners, and customers face. But a recent report suggests better outcomes for those who put security at the heart of app development.

Data from a ShiftLeft customer report shows that companies that have rebuilt their core testing processes around faster, more accurate static analysis are able to:

  • Release more secure code at scale
  • Scan more frequently
  • Work fixes earlier into the software development lifecycle
  • Have less security debt, and
  • Maintain more security fixes overall.

Data for the report represents customer usage of ShiftLeft CORE between May 1, 2020 and April 20, 2021. Manish Gupta, the company’s CEO and co-founder, shared the findings and lessons with Mike Shema during a recent episode of Application Security Weekly.

Among the report’s findings:

  • While legacy security analysis tools can take hours or even days to conduct a full scan, ShiftLeft customers experienced a median scan time of 2 minutes and 20 seconds.
  • With shorter scan times, 46 percent of applications are scanned at least weekly and 17 percent are scanned at least daily.
  • Legacy analysis tools generate many false positives that can overwhelm AppSec and development teams. When open-source vulnerabilities were prioritized by accounting for true “reachability,” organizations reduced the number of their SCA tickets by an average of 92 percent.

Figure: Some of the key results from ShiftLeft’s report.

“When increasing the speed and frequency of scans and prioritizing SCA tickets, we found enterprises that tightly integrate security testing within their CI/CD pipeline fix 91.4 percent of new issues,” Manish said.

Overall, customers fixed 58 percent of new issues before they became technical debt, he added. As organizations fixed a higher number of vulnerabilities in their applications, 86 percent of these fixes were for critical or well-known issue classes. The most-fixed issues are all in the OWASP Top Ten, Manish noted.

To learn more, watch the interview on Application Security Weekly or visit https://securityweekly.com/shiftleft for more information.




