Progress in Numbers: Our First Customer Report

AppSec Shift Left Progress Report

Having spent 15 years detecting malware — viruses, intrusions, worms, nation-state attacks, etc. — I learned that much of security is reactive. We let the bad guy shoot first and then try to figure out how we are going to protect ourselves. Software vulnerabilities are one of the most important problems in security, and if, as a thought experiment, we could eliminate vulnerabilities in software, cyber would be a much safer place. It is with this goal — reduce vulnerabilities in software — that I started ShiftLeft.

Reducing software security risk requires a rethink of how we analyze software, because modern software is much different — microservices, the rise of APIs and open source, and the pace and automation of software development, to name a few. This requires a new approach to analyzing software and a collaborative workflow between AppSec and Developers that serves the unique requirements of both parties yet allows them to work together to reduce vulnerabilities.

How do we measure whether ShiftLeft is achieving its goal? The #1 metric in AppSec is “how many vulnerabilities are getting fixed and how quickly”. And I am proud to announce today the release of our first “AppSec Shift Left Progress Report” that summarizes the experience of our customers over the last 12 months.

My favorite statistic: “ShiftLeft customers who have automated ShiftLeft in their CI/CD pipeline are fixing 91.4% of new vulnerabilities within two sprints”!

Read the AppSec Shift Left Progress Report here

Progress in Numbers: Our First Customer Report was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog - Medium authored by Manish Gupta. Read the original post at:


Manish Gupta

Manish is a seasoned executive recognized for scaling public and private B2B companies and growing significant enterprise value for the past 25 years. Before Sonar, he served as the CMO at Redis and most recently as the Vice President of Global Marketing for Java and GraalVM at Oracle, leading multi-fold growth during his tenure.
