ShiftLeft Announces New Developer-Focused Next Generation Static Analysis Solution that Increases Application Security Productivity by 5X

ShiftLeft, Inc., an innovator in automated application security, released a new version of NextGen Static Analysis (NG SAST), including new workflows purpose-built for developers that significantly improve security while enhancing productivity. ShiftLeft's customer data confirms that developer productivity suffers when security isn't automated and seamlessly integrated into the software development lifecycle (SDLC).

Security productivity challenges are rooted in the disconnect between the modern SDLC and the incremental improvements from legacy application security tools, which were designed for ad hoc scanning in the legacy waterfall mode of software development. With staffing ratios often in excess of 200 developers for every AppSec professional, scaling security to meet the requirements of the agile SDLCs requires increasing both developer engagement and efficiency.

Developers Overwhelmingly Believe Disconnect with Security Inhibits Productivity

In a new survey of over 165 developers, AppSec and DevOps professionals, ShiftLeft found that 96% of developers believe the disconnect between developer and security workflows inhibits developer productivity. Furthermore, when asked to prioritize, AppSec professionals ranked creating developer-friendly security workflows as their top priority, which was even higher than protecting applications in production environments.

"Deprioritization of security has been the most common approach to balancing AppSec with developer productivity because automating security in developer workflows has historically been prohibitively expensive for all but the most elite security organizations," said Izak Mutlu, former VP of Information Security at Salesforce.com. "ShiftLeft's NG SAST combines industry-leading scan speed, accuracy and a seamless workflow for rapid collaboration between development and AppSec teams so organizations of all sizes can run their AppSec initiatives at the pace of software development."

The rise of long-term and permanent remote work has increased the amount of business being done online, therefore increasing the number of web properties and applications that need to be developed and supported. As organizations demand software to be built and delivered at an ever-increasing velocity, enhancing developer productivity while enhancing security is critical. The survey revealed that performing security scans too late in the SDLC (89.7%) and lack of remediation guidance (87.7%) are also significant inhibitors to developer productivity.

ShiftLeft's New Developer-Driven Workflows Significantly Increase Productivity and Quality of Application Security

To scale security and address developer productivity challenges, ShiftLeft's new version of NG SAST delivers holistic workflows with developer engagement and productivity as a first principle. The new developer-driven security workflow relies on the git-based process that developers already use to write and update code. This allows organizations to:

  • Automate code analysis with every pull/merge request
  • Deliver immediate and accurate security feedback directly to each developer making the change
  • Enable developers to fix vulnerabilities, in the same way they address bugs, without leaving their development environment
  • Enable AppSec teams to write security-focused build rules that accept or deny merges, thereby allowing AppSec to scale
  • Help developers adopt secure coding best practices through Security Insights
  • Eliminate scanning bottlenecks with unlimited concurrent scans
  • Protect intellectual property by scanning without taking source code outside of their organization
  • Rapidly deploy with self-service on-boarding that doesn't require network architecture updates, new firewall configurations or expensive professional services
  • Further customize workflows through comprehensive APIs

This developer-centric approach to code analysis greatly increases security and productivity by delivering the right vulnerability to the right developer at the right time. Mean time to remediation (MTTR) is reduced because vulnerabilities get fixed while the code is still fresh in the developers' minds, and vulnerable code doesn't become deeply interconnected because security build rules prevent it from entering the master branch.

"ShiftLeft's NextGen Static Analysis gave us the speed and accuracy that we needed to create security feedback loops for our development team without altering their workflows. By scanning every pull request our software engineers are able to fix vulnerabilities far more efficiently," said Thomas Heuckeroth, VP CyberSecurity at The Emirates Group. "Not only are we seeing month-over-month decline in MTTR, but it's now common for vulnerabilities to get fixed in the same sprint they are found and, most importantly, our engineers really like the process."

ShiftLeft customers who automate NG SAST at the pull request increase scanning frequency by 110X over the industry average. Furthermore, by providing security feedback in the developer's workflow, customers experience a 4.9X reduction in MTTR within 90 days of going live. The result is that 70% of new vulnerabilities get fixed in a typical three-week sprint before making it into production. By spending less time on fixing vulnerabilities and more time writing new code, developers can increase productivity while enhancing security.

"The only way to deliver security at the pace of modern SDLCs is to create a culture of individual developer accountability for the security of the code they write. However, this demands new AppSec solutions purpose-built for today's requirements," said Manish Gupta, CEO of ShiftLeft. "Based on our new survey, it's clear developers feel ad hoc security processes and the tools they have available to them today aren't helping. We've always put productivity and security at the foundation of our platform, and our customers' results demonstrate that the new workflow is significantly improving their security postures while increasing developer productivity."

To learn more about ShiftLeft NG SAST, visit the ShiftLeft website and sign up for free here: www.shiftleft.io/register.

About ShiftLeft

ShiftLeft's NextGen Static Analysis (NG SAST) is purpose-built to insert security into developer workflows. NG SAST's speed and accuracy enable security automation with every pull request, which provides the right developer with the right vulnerability information at the right time. Hence, vulnerabilities get fixed faster and earlier, which drives down mean-time-to-remediation (MTTR), reduces attack surfaces and minimizes technical debt accrual. Furthermore, NG SAST goes beyond technical vulnerabilities (e.g., the OWASP Top Ten) to identify cloud-centric vulnerabilities that traditional static analysis tools can't find, such as business logic flaws, data leakage, hard-coded literals and insider threats.

To learn how ShiftLeft keeps application security in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.

Brooke Wenrick

fama PR for ShiftLeft

617-986-5022