
Gartner: Software businesses must adopt DevSecOps before it becomes mainstream

Integration will ultimately help organisations reduce friction between security and development, research firm says

Software businesses must make DevSecOps and software composition analysis a priority before they become mainstream, research firm Gartner has concluded.

In its Hype Cycle 2022 report, Gartner said DevSecOps and Software Composition Analysis (SCA) will see mainstream adoption in less than two years, listing them as ‘transformational’ innovations, the highest rating in its ranking system.

These transformational innovations are described as having a “significant impact on an organization’s business models” and will drive a need for new strategies and tactics.

By integrating security into the development process, businesses can eliminate or reduce friction between security and development and, ultimately, achieve a secure software development lifecycle (SDLC).

The research firm said the drivers include the adoption of DevOps and its need for security and compliance testing that can keep up with the pace of development, as well as the fact that DevSecOps tooling is applied earlier in the lifecycle than traditional application security testing (AST) tools.

Testing results also need to be integrated into the development process in a manner that complements developers’ existing workflows and toolsets. At the same time, the use of open source has significantly increased the risk of developers inadvertently using vulnerable components and frameworks.


However, Gartner also noted several key obstacles: developers believing that security testing tools slow them down, developers not understanding the vulnerabilities their code creates, and developers not wanting to leave their continuous integration/continuous delivery (CI/CD) pipeline to run tests or view results.

Static application security testing (SAST) and dynamic application security testing (DAST) tools have also been hindered by false positives or vague findings that frustrate developers, Gartner added. Meanwhile, the diversity of tools used in modern CI/CD pipelines “will complicate the seamless integration of DevSecOps offerings”.

To counter these, Gartner recommends several tactics, including preparing teams for automated integration, “shifting left” to make security testing tools available earlier in development, and favouring offerings that can link scanning in development to correct configuration, visibility and protection at runtime.

Similarly, SCA tools will help ensure the software supply chain can be trusted by identifying known vulnerabilities and ensuring components are properly licensed, while still supporting the use of open source software (OSS) in application development.

According to Gartner, SCA should be considered a “foundational element of application security testing” to identify known vulnerabilities and supply chain risks in open source packages.
