SmartBear announced its acquisition of QMetry, provider of an AI-enabled digital quality platform designed to scale software quality.
Majority Report DevOps Delays Due to Critical Security Issues
March 28, 2024
Over 80% of survey respondents indicated that a critical security issue in deployed software impacted their DevOps delivery schedule in the last year, according to the Global State of DevSecOps 2023 report from Synopsys.
Implementing DevSecOps, a framework focused on embedding security testing throughout each phase of the software development life cycle (SDLC), is an established way to reduce the volume of critical vulnerabilities and exploitable security issues in production applications.
"While a vast majority [91%] of organizations have adopted some level of DevSecOps practices, they continue to face barriers effectively implementing its methods, especially at enterprise scale," said Jason Schmitt, general manager of the Synopsys Software Integrity Group. "Specifically, we're noticing that organizations across the globe are struggling with integrating and prioritizing the results from the multiple application security testing tools used by their teams. They also struggle to enforce security and compliance policies automatically through infrastructure-as-code, a practice that was cited most often by respondents as a key factor of their security program's overall success."
Key findings from the report include:
Security Pros already using AI
Most security professionals are already using AI –and even more are wary of its risks. A majority (52%) of survey respondents noted that they are actively using AI to enhance their organization's software security measures. However, even more (76%) are "very or somewhat concerned" about potential errors or issues with AI-based cybersecurity solutions.
Remediation spans weeks
Remediation timelines for most organizations can span weeks. 28% of respondents said their organizations take as long as three weeks to patch critical security risks/vulnerabilities in deployed applications. Another 20% said it can take up to a month, even as most exploits appear within days.
AppSec Testing Tools Considered Useful
Application security testing tools are seen as useful to at least two-thirds of respondents. When asked to gauge the usefulness of security tools and practices — including dynamic application security testing (DAST), interactive application security testing (IAST), static application security testing (SAST), and software composition analysis (SCA) — each tool included in the survey was regarded as useful by at least two-thirds of respondents. The report identifies SAST as the highest-regarded AST tool, with 72% indicating that they find it useful. That is closely followed by IAST (69%), SCA (68%), and DAST (67%).
Security Testing is Shared responsibility
Security testing responsibilities are equally shared between internal security and development/engineering teams. Software developers and engineers (45%) are just as likely to be tasked with performing security tests on their organization's business-critical applications and continuous improvement (CI) pipelines as internal security team members (46%). One-third (33%) of organizations are also enlisting external consultants to supplement the efforts of internal teams.
Methodology: The new report from the Synopsys Cybersecurity Research Center is based on a survey conducted by Censuswide polling more than 1,000 IT professionals across the world — including developers, application security professionals, DevOps engineers and CISOs, as well as experts in technology, cybersecurity, and software development.
Industry News
December 03, 2024
Red Hat signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS) to scale availability of Red Hat open source solutions in AWS Marketplace, building upon the two companies’ long-standing relationship.
December 03, 2024
CloudZero announced the launch of CloudZero Intelligence — an AI system powering CloudZero Advisor, a free, publicly available tool that uses conversational AI to help businesses accurately predict and optimize the cost of cloud infrastructure.
December 03, 2024
Opsera has been accepted into the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS.
December 02, 2024
Spectro Cloud is a launch partner for the new Amazon EKS Hybrid Nodes feature debuting at AWS re:Invent 2024.
December 02, 2024
Couchbase unveiled Capella AI Services to help enterprises address the growing data challenges of AI development and deployment and streamline how they build secure agentic AI applications at scale.
December 02, 2024
Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem.
December 02, 2024
Traefik Labs unveiled the Traefik AI Gateway, a centralized cloud-native egress gateway for managing and securing internal applications with external AI services like Large Language Models (LLMs).
December 02, 2024
Generally available to all customers today, Sumo Logic Mo Copilot, an AI Copilot for DevSecOps, will empower the entire team and drastically reduce response times for critical applications.
December 02, 2024
iTMethods announced a strategic partnership with CircleCI, a continuous integration and delivery (CI/CD) platform. Together, they will deliver a seamless, end-to-end solution for optimizing software development and delivery processes.
November 26, 2024
Progress announced the Q4 2024 release of its award-winning Progress® Telerik® and Progress® Kendo UI® component libraries.
November 26, 2024
Check Point® Software Technologies Ltd. has been recognized as a Leader and Fast Mover in the latest GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPPs).
November 26, 2024
Spectro Cloud, provider of the award-winning Palette Edge™ Kubernetes management platform, announced a new integrated edge in a box solution featuring the Hewlett Packard Enterprise (HPE) ProLiant DL145 Gen11 server to help organizations deploy, secure, and manage demanding applications for diverse edge locations.
November 26, 2024
Red Hat announced the availability of Red Hat JBoss Enterprise Application Platform (JBoss EAP) 8 on Microsoft Azure.
November 26, 2024
Launchable by CloudBees is now available on AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
