In a new survey of more than 165 developers, application security and DevOps professionals, ShiftLeft, an innovator in automated application security, found that 96% of developers think security hurts productivity. In addition, when asked to prioritize, application security professionals ranked the creation of developer-friendly security workflows as their top priority, ahead of protecting applications in production environments.
ShiftLeft has released a new version of “NextGen Static Analysis”. It comes with new workflows designed specifically for developers that considerably improve security while increasing productivity.
“Reducing security priorities has been the most common approach to balancing application security and developer productivity, as automating security in developer workflows has always been prohibitively expensive for all but the most elite security organizations. ShiftLeft’s NextGen Static Analysis combines industry-leading scanning speed, precision and transparent workflow; all for rapid collaboration between development and Application Security teams so organizations of all sizes can keep pace with software development,” said Izak Mutlu, former vice president of information security at Salesforce.com.
The continuous expansion of telework has increased the volume of business done online, increasing the number of web properties and applications that need to be developed. As organizations demand that software be built and delivered at an ever-increasing speed, it is essential to improve developer productivity while increasing security. The survey found that performing security scans too late in the software development lifecycle (89.7%) and lack of remediation advice (87.7%) are also significant barriers to developer productivity.
To enhance security and meet developer productivity challenges, the new version of ShiftLeft's NextGen Static Analysis offers holistic workflows with developer engagement and productivity as the first principle. The new developer-centric security workflow builds on the Git-based process that developers are already using to write and update code. This allows organizations to:
- provide immediate and accurate security feedback directly to each developer making the change;
- automate code analysis on each pull/merge request;
- allow developers to fix vulnerabilities the same way they fix bugs, without leaving their development environment;
- allow application security teams to write security-focused build rules that accept or reject merges, allowing application security to evolve;
- help developers adopt best practices for secure coding with Security Insights;
- eliminate digital bottlenecks with unlimited simultaneous scanning;
- protect intellectual property by scanning without taking the source code outside their organization;
- deploy quickly thanks to self-service onboarding, which does not require network architecture updates, new firewall configurations or expensive professional services;
- further customize workflows with comprehensive APIs.
This developer-centric approach to code analysis dramatically increases security and productivity by providing the right vulnerability to the right developer at the right time. Average remediation time is reduced because vulnerabilities are fixed while the code is still fresh in developers' minds, and vulnerable code does not become deeply interconnected because security build rules prevent it from entering the master branch.
Source: ShiftLeft