
ShiftLeft Releases its 2022 AppSec Progress Report – Yahoo Finance

Based on findings from millions of scans last year, ShiftLeft tracked significant AppSec progress with more frequent and faster scans and a 97% reduction in false positives.
SANTA CLARA, Calif., June 23, 2022–(BUSINESS WIRE)–ShiftLeft, an innovator in automated application security testing, released its second annual AppSec Progress Report documenting critical trends in application security and how organizations are shifting security left to deal with the ever-rising volume of attacks and disclosed vulnerabilities. The report covers year-over-year trends and general findings analyzed from millions of scans last year using the ShiftLeft CORE platform across applications running numerous programming languages in different technology architectures including cloud native, on-premise and hybrid configurations.
Key findings from the report include:
97% reduction in open source software (OSS) vulnerabilities — By identifying and prioritizing OSS vulns that are actually attackable, AppSec teams and developers fix what matters, ship code faster and actually improve security with fewer, better fixes.
37% YoY reduction in Mean-Time-to-Remediate (MTTR) — Laser focus on attackability and reduced false positives allows developers to make fixes faster and reduce MTTR. This improves security posture and reduces the likelihood of attacks by reducing the time that vulnerabilities are exposed. In fact, ShiftLeft found that development teams were fixing 76% of attackable vulnerabilities within two sprints (12 days).
90 second median scan time — Rapid scans enable teams to scan more frequently, improving security coverage for fast iterating applications and enabling better coverage of very large applications that previously required hours or days to scan.
Significant increase in scan frequency — Faster scans, automated insertion in CI pipelines, and greater scan coverage across more languages also enabled AppSec teams to shift from scanning for vulnerabilities monthly or weekly to daily scans. The report tracked a 68% year-over-year increase in daily scans.
Estimated vulnerable Log4J exposure at only 4% — Due to the pervasive and widespread nature of Log4J, many application security teams struggled to identify all instances of the logging library in their application stack. Obscured and nested instances (in JAR files, for example) caused particular problems. ShiftLeft analyzed scans for the Log4J vulnerability and mapped actual data flows through production applications by combining the results of Static Application Security Testing (SAST) analysis and Software Composition Analysis (SCA). The analysis found that only 4% of all Log4J instances were vulnerable. Teams that had this information saved months of wasted time hunting down and fixing Log4J instances that posed little or no risk.
The report highlights how shifting application security left to engage developers earlier in the software development lifecycle results in faster fixes and less wasted energy prioritizing and fixing vulnerabilities that pose little to no risk. The report also underscores the importance of a holistic technology approach that integrates both SAST and SCA to provide a clear picture of attackability, so that security fixes can be prioritized and effort narrowed to fixing what matters.
"Based on our findings, two out of three development teams are literally wasting time on the 97% of fixes that are not attackable and provide little security benefit," said Manish Gupta, CEO at ShiftLeft. "On the other hand, teams that shift security left and focus on attackability ship more secure code, more frequently. This clearly improves the security of their applications while also improving developer productivity and product velocity."
About ShiftLeft
ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left. A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220623005346/en/
PR Contact:
Corinna Krueger