Intelligent CISO Issue 67 | Page 61

Synopsys research reveals majority of organisations report DevOps delays due to critical security issues

Synopsys has announced the publication of its Global State of DevSecOps 2023 report examining the strategies, tools and practices impacting software security.

The new report from the Synopsys Cybersecurity Research Center is based on a survey conducted by Censuswide polling more than 1,000 IT professionals across the world – including developers, application security professionals, DevOps engineers and CISOs, as well as experts in technology, cybersecurity and software development.

Over 80% of survey respondents indicated that a critical security issue in deployed software impacted their DevOps delivery schedule in the last year. Implementing DevSecOps, a framework focused on embedding security testing throughout each phase of the software development life cycle (SDLC), is an established way to reduce the volume of critical vulnerabilities and exploitable security issues in production applications.
“While a vast majority (91%) of organisations have adopted some level of DevSecOps practices, they continue to face barriers effectively implementing its methods, especially at enterprise scale,” said Jason Schmitt, General Manager of the Synopsys Software Integrity Group. “Specifically, we’re noticing that organisations across the globe are struggling with integrating and prioritising the results from the multiple application security testing tools used by their teams. They also struggle to enforce security and compliance policies automatically through Infrastructure-as-Code, a practice that was cited most often by respondents as a key factor of their security program’s overall success.”
Key findings from the report include:

• Most security professionals are already using AI – and even more are wary of its risks. A majority (52%) of survey respondents noted that they are actively using AI to enhance their organisation’s software security measures. However, even more (76%) are ‘very or somewhat concerned’ about potential errors or issues with AI-based cybersecurity solutions.

• Remediation timelines for most organisations can span weeks. Over a quarter (28%) of respondents said their organisations take as long as three weeks to patch critical security risks/vulnerabilities in deployed applications. Another 20% said it can take up to a month, even as most exploits appear within days.

• Application security testing tools are seen as useful to at least two-thirds of respondents. When asked to gauge the usefulness of security tools and practices – including dynamic application security testing (DAST), interactive application security testing (IAST), static application security testing (SAST) and software composition analysis (SCA) – each tool included in the survey was regarded as useful by at least two-thirds of respondents. The report identifies SAST as the highest-regarded AST tool, with 72% indicating that they find it useful. That is closely followed by IAST (69%), SCA (68%) and DAST (67%).

• Security testing responsibilities are equally shared between internal security and development/engineering teams. Software developers and engineers (45%) are just as likely to be tasked with performing security tests on their organisation’s business-critical applications and continuous improvement (CI) pipelines as internal security team members (46%). One-third (33%) of organisations are also enlisting external consultants to supplement the efforts of internal teams.
intelligent SOFTWARE SECURITY | www.intelligentciso.com