As software eats the world, the world faces a software security crisis. The move to modern software, such as cloud technologies and microservice architectures, is essential to innovating quickly. Yet nearly three in four developers say that security slows down Agile and DevOps.
Neither developers nor security teams are to blame. DevOps speed is held back by a 15-year-old, scan-based application security (AppSec) model designed for the early 2000s. Traditional security tools cannot keep up with today’s rapid development pace or modern application portfolio scale.
However, sacrificing security for development speed places critical and confidential personal and business information at risk—from financial to healthcare data—and can disrupt operations or even cause outages.
Code Scanners Cannot Meet Modern DevOps
Legacy AppSec approaches that rely on point-in-time scanning are plagued by development delays and highly inaccurate results. Scans take many hours, if not days—not ideal timelines for agile teams that ship code multiple times a day.
Imagine a server bug on an e-commerce platform serving millions of customers; the company will lose thousands of dollars every second…