Enterprises that integrate security testing into their CI/CD pipeline fix 91.4 percent of new issues, according to a progress report from ShiftLeft.
Recent software supply chain attacks illustrate the growing risks that businesses, their partners, and their customers face. But a recent report suggests better outcomes for those who put security at the heart of application development.
Data from a ShiftLeft customer report shows that companies which have rebuilt their core testing processes around faster, more accurate static analysis are able to:
- Release more secure code at scale
- Scan more frequently
- Work fixes earlier into the software development lifecycle
- Carry less security debt, and
- Retain more security fixes overall.
Data for the report represents customer usage of ShiftLeft CORE between May 1, 2020 and April 20, 2021. Manish Gupta, the company's CEO and co-founder, shared the findings and lessons with Mike Shema during a recent episode of Application Security Weekly.
Among the report's findings:
- While legacy security analysis tools can take hours or even days to complete a full scan, ShiftLeft customers experienced a median scan time of two minutes and 20 seconds.
- With shorter scan times, 46 percent of applications are scanned at least weekly and 17 percent are scanned at least daily.
- Legacy analysis tools generate many false positives that can overwhelm AppSec and development teams. When open-source vulnerabilities are prioritized by accounting for true "reachability" (whether vulnerable code in a dependency can actually be reached from the application's own code), organizations reduced the number of their SCA tickets by a median of 92 percent.
Some of the key results from ShiftLeft's report.
"When increasing the speed and frequency of scans and prioritizing SCA tickets, we found enterprises that tightly integrate security testing within their CI/CD pipeline fix 91.4 percent of new issues," Manish said.
Overall, customers fixed 58 percent of new issues before they became technical debt, he added. As organizations fixed a higher number of vulnerabilities in their applications, 86 percent of those fixes were for critical or well-known issue classes. The most-fixed issues are all in the OWASP Top Ten, Manish noted.