Enterprises that integrate security testing into their CI/CD pipeline fix 91.4 percent of new issues, according to a progress report from ShiftLeft.
Recent software supply chain attacks illustrate the growing risks businesses, their partners, and customers face. But a recent report suggests better outcomes for those who put security at the heart of app development.

Data from a ShiftLeft customer report shows that companies that have rebuilt their core testing processes around faster, more accurate static analysis are able to:

Data for the report represents customer usage of ShiftLeft CORE between May 1, 2020 and April 20, 2021. Manish Gupta, the company’s CEO and co-founder shared the findings and lessons with Mike Shema during a recent episode of Application Security Weekly.

Among the report’s findings:


Some of the key results from ShiftLeft’s report.

“When increasing the speed and frequency of scans and prioritizing SCA tickets, we found enterprises that tightly integrate security testing within their CI/CD pipeline fix 91.4 percent of new issues,” Manish said.

Overall, customers fixed 58 percent of new issues before they became technical debt, he added. As organizations fixed a higher number of vulnerabilities in their applications, 86 percent of these fixes were for critical or well-known issue classes. The most-fixed issues are all in the OWASP Top Ten, Manish noted.

To learn more, watch the interview on Application Security Weekly here or visit  https://securityweekly.com/shiftleft for more information.



Security Weekly is the security podcast network for the security community, distributing free podcasts and media since 2005. We connect the security industry and the security community through our security market validation programs.
We view our relationships with the security industry as partnerships, not sponsorships. Security Weekly works closely with each partner to help you achieve your marketing goals and gain traction in the security market. Interested in becoming a partner? Please visit our partnerships page.
Back to Top
RSS Feed RSS – Posts

source