Predictions for Application Security
Several developments are predicted for application security over the next few years. Vendors of software composition analysis (SCA) tools anticipate that SCA will become the leading application security testing category, overtaking traditional tools by 2022.
SCA examines security issues that arise from the code an application depends on rather than the code written for the application itself: it inventories the third-party components in a build and cross-references them against databases of known vulnerabilities. Such dependencies have multiplied with the growth of open-source components, so finding and tackling known vulnerabilities in the open-source libraries you ship is vital.
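The check SCA performs, as an added example written for this page (it is not code from the author or from any SCA product): a minimal scanner that reads a pinned lock file, compares each dependency's version against an advisory feed, and reports the affected packages with a remediation. The lock file, the package names and the advisory identifiers are all constructed placeholders; the version comparison assumes plain dotted integers, whereas a real tool would implement PEP 440 or semver ordering and consume a live feed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed lock file standing in for an application's pinned third-party dependencies.
# Package names are fictional.
LOCKFILE = """\
# pinned dependencies
libwidget==1.4.2
parsekit==0.9.0
netlayer==2.1.0
"""

# Constructed, fictional advisory feed. Real SCA tools consume OSV/NVD-style data;
# the identifiers below are placeholders, not real vulnerabilities.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "libwidget", "introduced": "1.0.0", "fixed": "1.4.3"},
    {"id": "EXAMPLE-0002", "package": "parsekit", "introduced": "0.8.0", "fixed": "0.9.0"},
    {"id": "EXAMPLE-0003", "package": "netlayer", "introduced": "2.0.0", "fixed": None},
]


def parse_version(text: str) -> tuple:
    """Assumption: versions are plain dotted integers. Production tools need PEP 440/semver."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_lockfile(text: str) -> dict:
    """Return {package: version} from 'name==version' lines; comments and blanks are skipped."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" not in line:
            # An unpinned dependency cannot be assessed reliably; fail loudly rather than guess.
            raise ValueError(f"unpinned dependency, cannot assess: {line!r}")
        name, version = line.split("==", 1)
        deps[name.strip().lower()] = version.strip()
    return deps


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """Affected range is [introduced, fixed); a None 'fixed' means no patched release exists."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


@dataclass
class Finding:
    advisory_id: str
    package: str
    installed: str
    fixed: Optional[str]

    @property
    def remediation(self) -> str:
        if self.fixed:
            return f"upgrade {self.package} to {self.fixed}"
        return f"no fixed release for {self.package}; mitigate or replace the dependency"


def scan(lockfile_text: str, advisories=ADVISORIES) -> list:
    """Cross-reference the dependency inventory against the advisory feed."""
    deps = parse_lockfile(lockfile_text)
    findings = []
    for adv in advisories:
        installed = deps.get(adv["package"].lower())
        if installed is None:
            continue
        if is_affected(installed, adv["introduced"], adv["fixed"]):
            findings.append(Finding(adv["id"], adv["package"], installed, adv["fixed"]))
    return findings


if __name__ == "__main__":
    for f in scan(LOCKFILE):
        print(f"{f.advisory_id}: {f.package}=={f.installed} -> {f.remediation}")
```

Note the boundary handling: `parsekit==0.9.0` is exactly the fixed release, so it is not reported, while `netlayer` has no fixed release at all and the finding says so instead of suggesting an upgrade that does not exist.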
SAST, on the other hand, addresses problems in custom code, and it is anticipated that by 2023 SAST checks will increasingly run inside developers' IDEs rather than only as separate scans. In-IDE analysis gives faster feedback, and moving the routine checks into the IDE lets the standalone SAST pipeline concentrate on deeper bug discovery. The result is lower cost, shorter testing cycles, and QA teams freed up to focus on the system-level issues that need attention.
A prediction that around 10% of the coding issues identified by SAST will be corrected automatically implies that security tools will generate code to fix the problems they find. This has met with some discomfort: finding a security risk is one thing and resolving it appropriately is another, and while a tool can highlight an issue and propose a fix, deciding whether that fix is right for the surrounding code still requires a developer's judgment. That said, code has so far failed to meet security targets, so more focus on helping developers create secure code at the outset may be the more effective path.
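What the two preceding paragraphs describe, SAST rules on custom code and the question of which findings a tool can fix on its own, as one added example written for this page (not code from the author or any SAST product): a small Python-AST rule set that scans a constructed sample, auto-rewrites one finding whose fix is mechanical, and only reports a second finding whose fix needs a developer. The sample source, rule names and messages are assumptions made for the example; the two patterns themselves (PyYAML `yaml.load` without a `Loader`, `subprocess` with `shell=True`) are well-known checks that real tools also implement.

```python
import ast
from dataclasses import dataclass
from typing import Optional

# Constructed sample of first-party code a SAST rule would scan (not from the page).
SAMPLE = """
import yaml
import subprocess

def load_config(path):
    with open(path) as f:
        return yaml.load(f)

def run(cmd):
    return subprocess.run(cmd, shell=True)

def safe(path):
    return yaml.safe_load(open(path))
"""


@dataclass
class Finding:
    line: int
    rule: str
    message: str
    auto_fixed: bool


def _is_attr_call(node: ast.Call, module: str, attr: Optional[str] = None) -> bool:
    """True for calls of the form module.attr(...), or module.<anything>(...) if attr is None."""
    func = node.func
    return (isinstance(func, ast.Attribute)
            and isinstance(func.value, ast.Name)
            and func.value.id == module
            and (attr is None or func.attr == attr))


class SastRules(ast.NodeTransformer):
    """Two illustrative rules: one with a mechanical auto-fix, one that only reports."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node: ast.Call):
        self.generic_visit(node)
        keywords = {kw.arg: kw.value for kw in node.keywords}

        # Rule 1: yaml.load() without an explicit Loader can instantiate arbitrary objects.
        # The fix is mechanical (swap to safe_load), so the tool applies it in place.
        if _is_attr_call(node, "yaml", "load") and "Loader" not in keywords:
            node.func.attr = "safe_load"
            self.findings.append(Finding(node.lineno, "yaml-unsafe-load",
                                         "yaml.load without Loader; rewritten to yaml.safe_load", True))

        # Rule 2: subprocess.*(..., shell=True). Fixing it means splitting the command into an
        # argument list and reasoning about quoting, which needs a developer, so only report.
        shell = keywords.get("shell")
        if (_is_attr_call(node, "subprocess")
                and isinstance(shell, ast.Constant) and shell.value is True):
            self.findings.append(Finding(node.lineno, "subprocess-shell-true",
                                         "shell=True; command injection if input is untrusted", False))
        return node


def scan(source: str):
    """Return (findings, source with the auto-fixable findings rewritten)."""
    tree = ast.parse(source)
    rules = SastRules()
    tree = rules.visit(tree)
    ast.fix_missing_locations(tree)
    return rules.findings, ast.unparse(tree)


if __name__ == "__main__":
    findings, fixed = scan(SAMPLE)
    for f in findings:
        print(f"line {f.line}: [{f.rule}] {f.message} (auto-fixed: {f.auto_fixed})")
    print(fixed)
```

The split between the two rules is the point: a rewrite that preserves the call's shape and only narrows what it accepts can be applied by the tool, whereas a finding whose correct fix depends on where the command string comes from is handed back to the developer. That is the kind of distinction behind a figure like "around 10% auto-corrected".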
Whatever the tooling, development teams will continue to need security tools at the appropriate point in the workflow, and those tools must be fit for purpose rather than a roadblock that impedes development.
If you’re looking for a company that provides business analysis and other software development services, contact us.