Security Weekly

Building a More Secure AppDev Process

Bill Brenner September 20, 2021

Enterprises that integrate security testing into their CI/CD pipeline fix 91.4 percent of new issues, according to a progress report from ShiftLeft.

Recent software supply chain attacks illustrate the growing risks businesses, their partners, and customers face. But a recent report suggests better outcomes for those who put security at the heart of app development.

Data from a ShiftLeft customer report shows that companies that have rebuilt their core testing processes around faster, more accurate static analysis are able to:

  • Release more secure code at scale
  • Scan more frequently
  • Work fixes earlier into the software development lifecycle
  • Carry less security debt, and
  • Fix more security issues overall.

Data for the report represents customer usage of ShiftLeft CORE between May 1, 2020 and April 20, 2021. Manish Gupta, the company’s CEO and co-founder, shared the findings and lessons with Mike Shema during a recent episode of Application Security Weekly.

Among the report’s findings:

  • While legacy security analysis tools can take hours or even days to conduct a full scan, ShiftLeft customers experienced a median scan time of 2 minutes and 20 seconds.
  • With shorter scan times, 46 percent of applications are scanned at least weekly and 17 percent are scanned at least daily.
  • Legacy analysis tools generate many false positives that can overwhelm AppSec and development teams. When open-source vulnerabilities are prioritized by accounting for true “reachability” (whether the application’s own code can actually call into the vulnerable part of a dependency, rather than merely having that dependency in its tree), organizations reduced the number of their SCA tickets by an average of 92 percent.

Some of the key results from ShiftLeft’s report.

“When increasing the speed and frequency of scans and prioritizing SCA tickets, we found enterprises that tightly integrate security testing within their CI/CD pipeline fix 91.4 percent of new issues,” Manish said.

Overall, customers fixed 58 percent of new issues before they became technical debt, he added. As organizations fixed a higher number of vulnerabilities in their applications, 86 percent of these fixes were for critical or well-known issue classes. The most-fixed issues are all in the OWASP Top Ten, Manish noted.
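The two ideas above, reachability-based prioritization of SCA findings and gating a pipeline on new issues before they become debt, are shown together in the following example. It is an illustrative script written for this article, not ShiftLeft’s code or algorithm: the call graph, entry point, advisories, ticket IDs and baseline are all constructed sample data, and the package names are hypothetical.

```python
"""Reachability-based SCA triage plus a CI gate for newly introduced findings.

Illustrative example, not ShiftLeft code. The call graph, entry point,
findings and baseline are constructed; ticket IDs and packages are hypothetical.
"""
from collections import deque
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Finding:
    ticket_id: str          # hypothetical SCA ticket identifier
    package: str            # dependency that carries the vulnerable code
    vulnerable_symbol: str  # function the advisory identifies as vulnerable
    severity: str

    def fingerprint(self):
        # Stable identity for baseline comparison, independent of ticket numbering
        return (self.package, self.vulnerable_symbol)


# Constructed call graph: caller -> callees, covering application code
# ("app.*") and the dependency code the application links in.
CALL_GRAPH = {
    "app.main": ["app.handlers.upload", "app.handlers.login"],
    "app.handlers.upload": ["imglib.decode", "app.util.store"],
    "app.handlers.login": ["authlib.verify_password"],
    "app.util.store": ["fslib.write"],
    "imglib.decode": ["imglib.parse_header", "imglib.parse_exif"],
    "imglib.parse_exif": ["imglib.parse_tiff"],
    "authlib.verify_password": ["hashlib.pbkdf2_hmac"],
    # Present in the dependency tree, but nothing in the app calls into them
    "xmllib.parse_untrusted": ["xmllib.resolve_entities"],
    "imglib.load_from_url": ["netlib.fetch"],
}
ENTRY_POINTS = ["app.main"]

# Constructed SCA output: every advisory matching a package in the dependency tree
FINDINGS = [
    Finding("SCA-101", "imglib", "imglib.parse_tiff", "high"),
    Finding("SCA-102", "xmllib", "xmllib.resolve_entities", "critical"),
    Finding("SCA-103", "imglib", "imglib.load_from_url", "high"),
    Finding("SCA-104", "authlib", "authlib.verify_password", "medium"),
]


def reachable_symbols(graph, entry_points):
    """Breadth-first walk of the call graph from the entry points."""
    seen = set()
    queue = deque(entry_points)
    while queue:
        node = queue.popleft()
        if node in seen:
            continue
        seen.add(node)
        queue.extend(graph.get(node, ()))
    return seen


def prioritize(findings, graph, entry_points):
    """Split findings into reachable (ticket now, worst first) and unreachable (defer)."""
    reach = reachable_symbols(graph, entry_points)
    reachable = sorted(
        (f for f in findings if f.vulnerable_symbol in reach),
        key=lambda f: SEVERITY_RANK[f.severity],
    )
    unreachable = [f for f in findings if f.vulnerable_symbol not in reach]
    return reachable, unreachable


def ticket_reduction_percent(findings, graph, entry_points):
    """Share of raw SCA findings that reachability filtering keeps off the ticket queue."""
    reachable, _ = prioritize(findings, graph, entry_points)
    if not findings:
        return 0.0
    return 100.0 * (len(findings) - len(reachable)) / len(findings)


def ci_gate(current_findings, baseline_fingerprints, graph, entry_points):
    """Return (should_fail, blocking ticket IDs): block only on findings that are new AND reachable."""
    new = [f for f in current_findings if f.fingerprint() not in baseline_fingerprints]
    reachable_new, _ = prioritize(new, graph, entry_points)
    blocking = [f.ticket_id for f in reachable_new]
    return bool(blocking), blocking


if __name__ == "__main__":
    reachable, unreachable = prioritize(FINDINGS, CALL_GRAPH, ENTRY_POINTS)
    print("ticket now:", [f.ticket_id for f in reachable])
    print("defer:     ", [f.ticket_id for f in unreachable])
    print("reduction: %.0f%%" % ticket_reduction_percent(FINDINGS, CALL_GRAPH, ENTRY_POINTS))
    # Baseline from the last main-branch scan: SCA-101 was already known and tracked
    baseline = {("imglib", "imglib.parse_tiff")}
    print("gate:", ci_gate(FINDINGS, baseline, CALL_GRAPH, ENTRY_POINTS))
```

On the sample data, the critical-rated xmllib advisory is deferred because the application never calls into xmllib, while the medium-rated authlib advisory is the one that blocks the merge, since it is both reachable and absent from the baseline. The caveat a practitioner should keep in mind is that reachability is only as trustworthy as the call graph it is computed over: dynamic dispatch, reflection, plugin loading and code evaluated from strings all create edges a static graph may miss, so deferred findings should be revisited rather than closed.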

To learn more, watch the interview on Application Security Weekly or visit https://securityweekly.com/shiftleft for more information.
