133 percent growth in static scans initiated by an API call, rather than by a human, reveals a massive shift towards automation
Automated scanning cuts the average time a security flaw remains open in half
30 percent decrease in modules analyzed per scan also suggests sharp increase in componentized applications
BURLINGTON, Mass. – December 14, 2021 – Veracode, the largest global provider of application security testing (AST), has revealed usage data that demonstrates cybersecurity is becoming more automated and componentized in line with modern software architectures and development practices. The analysis of 5,446,170 static scans and more than 310,000 apps over a 13-month period from September 2020 to October 2021 found a startling 143 percent growth in the number of small apps, like APIs and microservices, and a 133 percent increase in automated scans run through APIs instead of manually.
Source: Veracode platform showing Static Scan data
Covid-19 has accelerated digital transformation over the past 18 months, and businesses are competing aggressively to be first to market with digital products and services. Pressure on developers to build and deploy software quicker than ever has precipitated the shift to DevSecOps – integrating Development, Security, and Operations to make Application Security an integral part of the software lifecycle. At long last, companies are applying AppSec controls to secure the integrity of the development process, as well as scaling DevSecOps pipeline patterns across the entire enterprise.
“The rise of automation and componentization in software development has driven a sharp increase in the speed and automation of software security as businesses look to AI and machine learning for flaw identification, threat modeling, and remediation,” said Chris Wysopal, Co-Founder & Chief Technology Officer at Veracode. “We’ve already seen DevSecOps grow rapidly in maturity and now there’s an opportunity to shift security even further left into the design phase to become SecDevOps.”
Componentization Drives Speed and Efficiencies
Alongside the upward trajectory in automation, Veracode also found a downward trend in the complexity and size of the code being analyzed, as evidenced by the 30% reduction in the average number of modules scanned per scan, indicating a shift toward scanning of individual components or microservices. This is not surprising considering the rapid adoption of both componentized applications and DevOps practices.
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. Learn more at www.veracode.com, on the Veracode blog, on LinkedIn, and on Twitter.