Reducing your costs during the SDLC
As technology becomes an ever larger part of our daily lives, more applications are being developed to meet growing consumer demand, and with that comes pressure to deliver them faster. Faster delivery brings overlooked bugs and sloppy coding, increasing the ever-present threat of attacks against businesses and users. A report published by NIST (National Institute of Standards and Technology) in 2011 noted that 95% of all vulnerabilities stem from the application layer (refer to Fig 1).
Fig 1. "Areas of Vulnerability" Source: NIST 2011
That is a staggering share of vulnerabilities left open for various reasons, yet most of them can be prevented through proper security measures during the SDLC. Proactively looking for these vulnerabilities during the SDLC, rather than reactively fixing them after release, saves a company from a multitude of problems: bad publicity, time better spent elsewhere, and most importantly cost.
Fig 2. "Cost to fix Bugs during SDLC"
Although Fig 2 uses data from 1996, it shows clearly that the cost of fixing a defect grows exponentially the later in the SDLC it is found, with the lowest cost incurred when it is caught during the coding phase. This is where IBM's Security AppScan Source Edition comes into play.
AppScan Source Edition has two main functions: identifying vulnerabilities during the coding phase through source code analysis, and helping eliminate them efficiently. Running the same analysis during the build process further reduces the chance of a vulnerability slipping through. AppScan Source Edition can scan more than one million lines of code per hour, so even the most complex enterprise-level applications can be analyzed.
Its versatility extends to detailing and reporting security issues, and their remediation status, for governance and compliance functions (up to 40 supported security compliance reports). Findings are prioritized by severity so that teams can fix the most important vulnerabilities first, and audit and compliance reports are crafted to be easily digestible at the executive level.
AppScan Source is built on an open architecture that lets it integrate into your existing work environment and tools. The ability to define security policies and have them enforced consistently allows AppScan Source to act as an enforcer of secure coding practices across the entire enterprise.