Software is at the backbone of the digital transformation
We live in a world of massive digital transformation. The technical backbone of this transformation is software. Software can be found everywhere. It is in our homes, in our phones, and in our businesses. Over 80% of the code in today’s software applications is open source. There will be 30 billion connected IoT devices by 2020. 85% of customer interactions will be managed without any human interaction by 2020. Software is everywhere and it has become incredibly complex.
Furthermore, accelerating “time-to-market” has become the new name of the game. Amazon deploys to production every 11.6 seconds. Facebook, on Android alone, does between 50,000 and 60,000 builds a day! DevOps has changed the way software is built and has led to new risk factors in the form of “Software Exposure.”
Software security also needs to change in order to keep up with this new reality. According to the 2017 Verizon Data Breach report, web application attacks are responsible for more breaches than any other method. While software security has become a boardroom issue, organizations are still allocating only about 18% of their IT budgets specifically to application security.
How has the industry responded from a security perspective?
For too long, traditional application security approaches have functioned as gates at various stages in the software development lifecycle. They have slowed down development by acting as deliberate checks that developers have to wait on before resuming their actual coding activities. The industry has treated developers as the source of security issues rather than as part of the solution. Finally, we have not given organizations the insight and context to make clear business decisions on go or no-go product releases that drive major business strategies.
Does speed have to come at a price? How do you deploy at the speed of DevOps and the business without increasing your risk? We believe it is time to move beyond the barriers and limitations of traditional gated application security approaches and move to a new era where organizations have full visibility and control of their software exposure at any stage of their software development lifecycle. Manage your software exposure by integrating security into the way your business and developers work. By accomplishing that, we give developers the information they need when they need it in the solutions they use every day.
We need to do better as an industry. And Checkmarx is at the forefront of this transformation. We are committed to delivering on our promise of managing software exposure at the speed of DevOps and the business. Please join us for this exciting journey.
Learn more about Software Exposure and how it is transforming software security.
*** This is a Security Bloggers Network syndicated blog from Blog – Checkmarx authored by Bernd Leger. Read the original post at: https://www.checkmarx.com/2018/08/01/era-of-software-exposure/