The growth of application development, DevOps, containers, and cloud has fueled the growth of application security tools.  We now have static analysis, software composition analysis, interactive analysis, dynamic analysis, container scanning, infrastructure as code scanning, and a number of runtime application security products.  That’s a lot of testing data, but how do we integrate it to make better decisions around application security and risk?

I’m a big believer in making data available to developers (and operations) in their native tools, but with all of these data sources, how do you make that viable?  What data needs to be exchanged and how should it flow?  Do we need an application governance platform to pull it all together? 

To help answer these questions, Tim Mackey from Synopsys joined Application Security Weekly to discuss the security decisions needed during the application development process to make applications more secure (and less risky).  Although Synopsys has developed a suite of application security testing solutions, Tim realizes that data exchange is an important part of the application development process to make better decisions.  No one vendor has all the solutions (yet).

Synopsys solutions help you manage security and quality risks comprehensively, across your organization and throughout the application life cycle.  The Polaris Software Integrity Platform streamlines application security testing from developer to deployment by:

• Integrating security into your DevOps environment
• Finding and fixing quality and compliance issues early in development
• Assessing your AppSec threats, risks, and dependencies

To learn more about the data needed to make better application security decisions, watch the interview on Application Security Weekly here, to see the integration of data and security solutions from Synopsys, watch their recent on-demand webcast here, or visit securityweekly.com/synopsys for more information.