Statistics
Word count: 409 words
Times read: 0
Created: 2022/08/17 14:58
Updated: 2025/12/09 14:16

Body
Gartner: Software businesses must adopt DevSecOps before it becomes mainstream

Daniel Todd

Integration will ultimately help organisations reduce friction between security and development, research firm says.

Software businesses must make DevSecOps and software composition analysis a priority before they become mainstream, research firm Gartner has concluded.

In its Hype Cycle 2022 report, Gartner said DevSecOps and Software Composition Analysis (SCA) will see mainstream adoption in less than two years, listing them as ‘transformational’ innovations – the highest rating in its ranking system. Transformational innovations are described as having a “significant impact on an organization’s business models” and as driving a need for new strategies and tactics.

By integrating security into the development process, businesses can eliminate or reduce friction between security and development and, ultimately, achieve a secure software development lifecycle (SDLC).

The research firm said the drivers include the adoption of DevOps and its need for security and compliance testing that can keep up with the pace of development, as well as DevSecOps being applied earlier in the lifecycle than traditional application security testing (AST) tools. Testing results also need to be integrated into the development process in a manner that complements developers’ existing workflows and toolsets, while the growing use of open source has significantly increased the risk of developers inadvertently using vulnerable components and frameworks.

However, Gartner also noted several key obstacles, including developers believing security testing tools slow them down, not understanding the vulnerabilities their code creates, and not wanting to leave their continuous integration/continuous delivery (CI/CD) pipeline to perform tests or view results.

Static application security testing (SAST) and dynamic application security testing (DAST) tools have also been hindered by false positives or vague findings that frustrate developers, Gartner added. Meanwhile, the diversity of tools used in modern CI/CD pipelines “will complicate the seamless integration of DevSecOps offerings”.

To counter these, Gartner recommends several tactics, including preparing teams for automated integration, “shifting left” to make security testing tools available earlier in development, and favouring offerings that can link scanning in development to correct configuration, visibility and protection at runtime.

Similarly, SCA tools will help ensure the software supply chain can be trusted, identify known vulnerabilities and ensure components are properly licensed, while supporting the use of OSS in app development. According to Gartner, SCA should be considered a “foundational element of application security testing” to identify known vulnerabilities and supply chain risks in open source packages.