The number of applications scanned has also increased considerably, with developers currently testing more than 17 new applications per quarter, more than quadruple the amount scanned a decade before. The study, which looked at almost half a million apps, uncovered fresh information from a diverse range of major and mid-sized businesses, commercial software providers, and open-source organizations.
The world is more connected than ever, according to research, with 4.66 billion active internet users worldwide. According to Chris Wysopal, who is the CTO of Veracode, scanning software as a pre-production stage in the final phase of the software development lifecycle is no longer sufficient. Scanning using a variety of testing tools must happen continually as a completely integrated part of the process, much as software is now distributed regularly.
Use of multiple scan types fixes defects faster
Organizations are increasingly recognizing the need to examine the software they develop across numerous dimensions, so continuous security testing that employs multiple scan types is quickly becoming the norm.
Businesses are combining scan types to secure their software in greater numbers than ever before, with a 31 percent growth in the combined use of static, dynamic, and software composition analysis from 2018 to 2021.
The trend continues from last year’s State of Software Security report v11, which indicated that organizations that used dynamic scanning in addition to static scanning remediated issues 24 days faster and that adding software composition analysis shaved another six days off the process.
Time is an expensive currency for development teams
Software development teams have adopted agile approaches and process automation tools, as well as cloud-native technologies, open-source software, and microservices, due to the demand for speed. While these developments have accelerated software development, they have also created additional complications and risks.
The researchers examined this area in depth and found that, over the last two years, the proliferation of more modular apps has led to dramatic growth in the number of applications scanned. Multiple languages were used in around 20% of apps in 2018, but this dropped to 5% in 2019. This points to a shift toward smaller, single-task apps, which is consistent with the growing popularity of microservices.
Rewards of developer security training for organizations
Veracode’s research discovered the favorable impact of interactive security training in addition to increases in scan cadence and remediation capacity. Companies with developers who have completed at least one course in a training program involving real-world applications addressed faults 35% faster than those who had not. With so few university-level computer science schools teaching software security, the value of hands-on training with real-world, vulnerable applications in a secure, guided environment cannot be overstated. Findings show that those who participate in training labs may have a leg up on the competition when it comes to identifying the source of defects and promptly resolving them.