Key criteria for evaluating developer security tools


Contents

  1. Summary
  2. Introduction to security tools for developers
  3. Methodology of the report
  4. Analysis of decision criteria
  5. Evaluation metrics
  6. Key criteria: impact analysis
  7. The analyst’s point of view
  8. About Shea Stewart

Summary

Software should be written, built and deployed with security in mind. This is true both for the application being created and the activities involved in its creation. In an ideal world, developers would also be security engineers and incorporate appropriate risk mitigation features into their software applications, also follow proper procedures, and enforce policies to mitigate potential risks. The reality for many organizations, however, is that the urgency of software updates or new software often outweighs the ability to apply appropriate security at every stage of development and operation of the lifecycle. of a software product.

By expanding the DevOps movement by considering security at every development or operational stage of an application’s lifecycle, DevSecOps has become as popular a term as DevOps itself. Unfortunately, just like DevOps, DevSecOps is not a single product or SKU that an organization can source. There is no “one size fits all” approach. The term itself can be defined differently to take into account the specific needs of an organization or department, and relates to all people, processes, and tools in a software development workflow.

A key approach, often most associated with the term “DevSecOps”, is to focus on development security tools with a “shift-left” mindset; that is, tools that take security into account as early as possible in the software development lifecycle. This mindset involves rapid security training, information, and direct feedback to developers and engineers early in the development process. We describe this in more detail later.

This Key Criteria report examines the capabilities and trends decision-makers should look for when embracing this left-wing mindset to increase application security and publish speed, while reducing costs and risk.

The report also examines how to assess vendors’ capabilities to deliver security-related information, automation, and compliance closer to the developer earlier in the development workflow, looking for ways to reduce risk during development. ” writing code, storing code and deploying it through processes and pipelines. Among our finds:

  • Development security tools reduce risk and increase developer speed by enforcing and enforcing “shift left” security practices.
  • Automation of developer security tools can bridge the gap between security engineers and developers without sacrificing development speed.
  • Developer security tools integrate with existing development and operational tools to increase visibility of security-related events within development, operations, and security teams.
  • Developer security tools deliver value by leveraging software and architecture vulnerability scanning (cloud and on-premises), application and infrastructure hardening, and other established areas computer security.

Developer security tools and a “shift left” mindset are key elements in helping organizations reduce the security risks associated with building and deploying applications. In addition to establishing security as a first-class citizen throughout the development workflow, this approach offers more traditional companies with long-established software development practices a point of connection to best practices in cutting edge, enabling them to develop and deliver software both quickly and within organizational policies.

How to read this report

This GigaOm report is one in a series of documents that help IT organizations assess competitive solutions against the background of well-defined features and criteria. For a better understanding, consider reviewing the following reports:

Key criteria report: A detailed market sector analysis that assesses the impact of key product features and criteria on high-end solution characteristics, such as scalability, performance, and total cost of ownership, which drive decisions purchase.

GigaOm radar report: A forward looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the industry.

Solution Profile: An in-depth analysis of suppliers based on the framework developed in the Key Criteria and Radar reports to assess a company’s commitment to a technological sector. This analysis includes forward-looking guidance for both strategy and product.


Comments are closed.