The importance of implementing security scanning in the software development lifecycle
2022-02-14 05:30

"It is no longer sufficient to scan software as a pre-production step in the last phase of the software development lifecycle. Just as software is now deployed continuously, scanning using a variety of testing tools must also happen continuously as a fully integrated part of the process," said Chris Wysopal, CTO at Veracode.

Continuous security testing using multiple scanning types is fast becoming the norm as organizations recognize the need to analyze the software they build across multiple dimensions.

The trend continues from last year's State of Software Security report v11, which found that companies using dynamic in addition to static scanning remediated flaws 24 days faster, and including software composition analysis shaved off another six days.

Time is competitive currency for software development teams.

The need for speed has driven software development teams to adopt agile methodologies and process automation tools, as well as cloud-native technologies, open-source software, and microservices.

"With so few computer science programs teaching software security at university, the power of training with real, vulnerable applications in a safe, guided environment cannot be underestimated. Our data demonstrates that those who participate in training labs may have a head-start when it comes to understanding the origin of flaws and fixing them quickly," Eng said.


News URL

https://www.helpnetsecurity.com/2022/02/14/most-applications-scanned/