
As companies strive to build secure, reliable applications, new findings reveal an overlooked cost: developers’ time spent managing security issues.

A recent IDC report [1] for JFrog finds that software developers are dedicating a significant portion of their workweek, up to 19 percent, to security-related tasks such as scan reviews, secrets detection and context-switching between multiple tools.

Key findings from the report, published in IT Pro, show that this time investment costs companies roughly $28,000 per developer annually. There are also additional concerns about much of this work happening outside of standard hours, adding strain on developers and reducing overall productivity.

Beyond individual developers, 50 percent of senior developers, team leaders and managers report that time spent on security is hindering their ability to focus on critical projects, affecting innovation and the timely release of new applications.

Tool sprawl is cited as another hidden cost of application security: 80 percent of organizations report using between six and twenty different security testing tools. When used in silos, these tools generate a lot of noise and make distinguishing genuine threats from false positives challenging.

Sorting through false positives or duplicate vulnerabilities consumes an inordinate amount of developer time and is leading some developers to skip steps entirely. According to the report, less than a quarter of developers conduct static application security testing (SAST) before code deployment, leaving room for even more potential vulnerabilities.

While these numbers are concerning, it is important to note that organizations have an increasing number of options available. Single-platform solutions like HCL AppScan on Cloud provide a wide array of testing tools under a single umbrella. Findings from DAST, SAST, IAST and SCA scans can be reviewed in centralized dashboards, and security tasks can be easily shared between multiple team members. Results from these various tools can also be correlated for more efficient triage and remediation.

Additionally, AI is increasingly being used not only to reduce the number of false positives in scan results, but also to widen scan coverage and to assist with remediation in tools like HCL AppScan AutoFix.

Application security testing is a critically important tool in helping organizations reduce business risk and manage their overall application security posture as they compete in the digital+ economy.

While this report highlights some of the challenges in building an effective security culture, an increasing number of tools, methodologies and training options are available to help.

Learn how HCL AppScan can help your organization increase your security posture with reduced time and resources.

Source:

1. https://investors.jfrog.com/news/news-details/2024/JFrog-Sponsored-IDC-Study-Shows-Growing-Developer-Focus-on-Software-Security-Impacting-Companies-Competitive-Advantage/default.aspx
