Shifting security further left: DevSecOps becoming SecDevOps>
Help Net Security
Veracode has revealed usage data that demonstrates cybersecurity is becoming more automated and componentized in line with modern software architectures and development practices.
The analysis of 5,446,170 static scans and more than 310,000 apps over a 13-month period from September 2020 to October 2021 found a startling 143 percent growth in the number of small apps, like APIs and microservices, and a 133 percent increase in automated scans run through APIs instead of manually.
Componentization drives speed and efficiencies Alongside the upward trajectory in automation, Veracode also found a downward trend in the complexity and size of the code being analyzed, as evidenced by the 30% reduction in the average number of modules scanned per scan, indicating a shift toward scanning of individual components or microservices. This is not surprising considering the rapid adoption of both componentized applications and DevOps practices.
Software cybersecurity must be pervasive, not invasive With the rising cost and complexity of modern software development practices, businesses will increasingly require a comprehensive, fully integrated security platform with fewer disparate tools. This platform supports pervasive, or continuous, security because it:
Starts in the design phase Is fully integrated, but also open Delivers a frictionless developer experience
Link: https://www.helpnetsecurity.com/2021/12/20/cybersecurity-software-development/