Opportunity for Software Security to Shift Further Left to Become SecDevOps, According to Veracode
133 percent growth in static scans initiated by an API call, rather than by a human, reveals a massive shift towards automation
Automated scanning cuts the average time a security flaw remains open in half
30 percent decrease in modules analyzed per scan also suggests sharp increase in componentized applications
BURLINGTON, Mass. – December 14, 2021 – Veracode, the largest global provider of application security testing (AST), has revealed usage data that demonstrates cybersecurity is becoming more automated and componentized in line with modern software architectures and development practices. The analysis of 5,446,170 static scans and more than 310,000 apps over a 13-month period from September 2020 to October 2021 found a startling 143 percent growth in the number of small apps, like APIs and microservices, and a 133 percent increase in automated scans run through APIs instead of manually.
Source: Veracode platform showing Static Scan data
Covid-19 has accelerated digital transformation over the past 18 months, and businesses are competing aggressively to be first to market with digital products and services. Pressure on developers to build and deploy software quicker than ever has precipitated the shift to DevSecOps – integrating Development, Security, and Operations to make Application Security an integral part of the software lifecycle. At long last, companies are applying AppSec controls to secure the integrity of the development process, as well as scaling DevSecOps pipeline patterns across the entire enterprise.
“The rise of automation and componentization in software development has driven a sharp increase in the speed and automation of software security as businesses look to AI and machine learning for flaw identification, threat modeling, and remediation,” said Chris Wysopal, Co-Founder & Chief Technology Officer at Veracode. “We’ve already seen DevSecOps grow rapidly in maturity and now there’s an opportunity to shift security even further left into the design phase to become SecDevOps.”
Componentization Drives Speed and Efficiencies
Alongside the upward trajectory in automation, Veracode also found a downward trend in the complexity and size of the code being analyzed. This is evidenced by a 30 percent reduction in the average number of modules analyzed per scan, which indicates a shift toward scanning individual components or microservices. This is not surprising considering the rapid adoption of both componentized applications and DevOps practices.
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog and on Twitter.