Successful DevSecOps: What You Need to Get Right

Oct 16 2017

CYBRIC was recently mentioned in the new Gartner “10 Things to Get Right for Successful DevSecOps” report, which outlines specific guidance to address 10 areas that SRM leaders must get right to successfully enable DevSecOps.

One of the 10 things that authors Neil MacDonald and Ian Head highlight is the change in use of traditional Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST). According to Gartner: “In DevSecOps, you should scan for unknown vulnerabilities in custom code. However, don’t expect to use traditional static and dynamic application security testing tools and services without changes (see “Magic Quadrant for Application Security Testing”). These traditional testing solutions will need to either be refactored, retuned or replaced.”

By integrating with security and DevOps tools across the development lifecycle, CYBRIC addresses these challenges by providing continuous visibility and assurance across all code repositories, application deployments and cloud infrastructures. According to the Gartner report “by 2019, more than 70% of enterprise DevSecOps initiatives will have incorporated automated security vulnerability and configuration scanning for open-source components and commercial packages, up from less than 10% in 2016.” At CYBRIC, we automate and orchestrate code and application security across the development lifecycle, reducing application vulnerability exposure with security at the velocity of DevOps, without impacting the product environment.

Existing tools and approaches such as point-in-time vulnerability scans, pen tests and code validation lack a holistic view of security posture. Our mission at CYBRIC is to unify all security testing tools to give organizations a single, continuous view into the security assurance and risk posture of their applications.

We’re excited to see Gartner validating the trends we’re seeing in the market and look forward to meeting the evolving needs for DevSecOps as enterprises continue to shift left with application security.

* Source: Gartner “10 Things to Get Right for Successful DevSecOps” by Neil MacDonald, Ian Head, 3 October 2017.
