New research shows that security scan cadence has increased 20-fold

Software security best practices are evolving rapidly as security continues to shift left and DevSecOps efforts expand. According to the State of Software Security report from application security company Veracode, organizations are on average running 20 times more scans on their applications than they were just 10 years ago. The report also found that scan frequency has increased dramatically, with developers testing over 17 new applications every quarter, more than three times the figure reported 10 years ago.

“Part of this is due to the speed of innovation that has taken place over the last few years. More and more software is being created, and organizations are aware that there is a bit of exposure to them. They are populated with more customer data, and the business is driven by these applications, so it’s important to make sure they’re secure,” said Chris Eng, Veracode’s Chief Research Officer.

In addition, the use of multiple security scan types increased by 31% between 2018 and 2021, with the majority of developers choosing a combination of static, dynamic, and SCA (software composition analysis) scans. The study found that organizations using both dynamic and static scans fixed 50% of defects 24 days earlier on average. Adding an SCA scan on top of that saves another 6 days.

Veracode’s report also shows that organizations that invest early in hands-on security training have a measurable advantage over those that do not: companies with this type of training fixed defects 35% faster than companies without it.

The report also showed that in 2018 about 20% of apps were written in multiple languages, but this number dropped to just 5% in 2021. “Multilingual applications are just a little bit like that. This is in line with the growing interest of developers in microservices, so it was a bit cool to see that trend,” Eng said.

Another section of the report focuses on the use of open source libraries and third-party code, and how they are being leveraged by different organizations. It turns out that most of the code in Java applications comes from third parties, and Java continues to move in that direction. The report also notes that in .NET the share of third-party code in applications has unexpectedly shifted upward: before and after the release of .NET 5, the use of third-party code skyrocketed.

In addition, the report reinforces the findings of a previous study: developers tend to stick to the libraries they know and love rather than refactoring their codebases to switch to the latest or “most popular” libraries.
