Organizations are running scans on their apps 20 times more than they were just 10 years ago.
Software security best practices are rapidly evolving, according to a new study issued by application security company Veracode. Its 12th annual State of Software Security Report showed that, on average, organizations are running scans on their apps 20 times more often than they were just 10 years ago. The report also revealed that the number of applications under test has grown sharply: developers are now testing more than 17 new applications per quarter, more than triple what they tested during the same period a decade ago.
Hope Goslin, Content Marketing Manager at Veracode, highlighted the results of the study in a blog post. “The world is becoming more connected than ever before,” Goslin writes. “But it’s not just increased connectivity that’s shaping the security landscape — it’s the hypercompetitiveness and the need to constantly innovate.”
“This need for speed is driving development teams to adopt native cloud technologies, agile methodologies, open-source code, and microservices,” she adds.
A three-fold increase in applications scanned
The adoption of microservices has led to an increase in the number of applications scanned as well as a pivot to one-language applications, according to Goslin. “Organizations are scanning more than triple the number of apps scanned per quarter a decade ago. And over the past four years, organizations decreased their use of applications with multiple languages from 20 percent down to less than 5 percent.”
Continuous testing and integration, which includes security scanning in pipelines, is becoming the norm, Goslin asserts. “We’ve seen a 31 percent increase in the use of multiple scanning types between 2018 and 2021, with much of that gain coming from customers using the full suite of static, dynamic, and software composition analysis (SCA) scans.”
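Scanning in a pipeline only matters if the results actually gate the build, and each scanner reports in its own format, so a practical step is to normalise static, dynamic and SCA output into one record type and apply a single policy. The Python below is an added example, not Veracode's code or anything taken from the report: it converts constructed SAST, DAST and SCA output into one finding type and fails the stage when a required scan type was skipped, when any unsuppressed finding is at or above a severity threshold, or when a severity value is unrecognised (failing closed rather than silently ignoring it). The three JSON layouts, the rule and advisory names, and the severity scale are assumptions for illustration and do not correspond to any real tool's format.

```python
"""Minimal CI security gate over combined SAST, DAST and SCA results.

Added example, not Veracode's code. The scanner output layouts, rule ids
and advisory ids below are constructed for illustration only.
"""
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
REQUIRED_SCAN_TYPES = ("sast", "dast", "sca")  # the "full suite" the gate insists on


@dataclass(frozen=True)
class Finding:
    scan_type: str   # "sast", "dast" or "sca"
    severity: str    # lower-cased scanner severity; unknown values fail closed
    rule_id: str     # scanner rule, CWE or advisory id as the tool reported it
    location: str    # file:line, request URL, or package==version
    suppressed: bool = False  # reviewed and accepted, e.g. a confirmed false positive


# Normalisers: each scanner has its own shape, so the gate works on one type.
# These three layouts are assumptions made up for this example.
def normalise_sast(report: dict) -> List[Finding]:
    return [Finding("sast", f["level"].lower(), f["ruleId"],
                    f"{f['file']}:{f['line']}", f.get("triaged", False))
            for f in report["results"]]


def normalise_dast(report: dict) -> List[Finding]:
    return [Finding("dast", a["risk"].lower(), a["pluginId"], a["url"])
            for a in report["alerts"]]


def normalise_sca(report: dict) -> List[Finding]:
    return [Finding("sca", v["severity"].lower(), v["advisory"],
                    f"{v['package']}=={v['version']}")
            for v in report["vulnerabilities"]]


def evaluate_gate(findings: Iterable[Finding], scans_run: Iterable[str],
                  fail_at: str = "high") -> dict:
    """Return {"passed", "reasons", "blocking"}. Fails when a required scan
    type was not run, when an unsuppressed finding is at or above fail_at,
    or when a severity is unrecognised (treated as critical: fail closed)."""
    threshold = SEVERITY_RANK[fail_at]
    reasons: List[str] = []
    blocking: Dict[str, int] = {}

    ran = set(scans_run)
    for scan_type in REQUIRED_SCAN_TYPES:
        if scan_type not in ran:
            reasons.append(f"required scan type not run: {scan_type}")

    for f in findings:
        if f.suppressed:
            continue
        rank = SEVERITY_RANK.get(f.severity)
        if rank is None:
            reasons.append(f"unrecognised severity '{f.severity}' "
                           f"for {f.rule_id} at {f.location}")
            rank = SEVERITY_RANK["critical"]
        if rank >= threshold:
            blocking[f.scan_type] = blocking.get(f.scan_type, 0) + 1

    for scan_type, count in sorted(blocking.items()):
        reasons.append(f"{count} unsuppressed finding(s) at or above "
                       f"'{fail_at}' from {scan_type}")

    return {"passed": not reasons, "reasons": reasons, "blocking": blocking}


# Constructed sample scanner output (not real tool output).
SAMPLE_SAST = json.loads("""{"results": [
  {"ruleId": "sql-injection", "level": "High", "file": "app/db.py", "line": 42},
  {"ruleId": "hardcoded-secret", "level": "Medium", "file": "app/settings.py",
   "line": 7, "triaged": true}
]}""")
SAMPLE_DAST = json.loads("""{"alerts": [
  {"pluginId": "missing-csp-header", "risk": "Low", "url": "https://staging.example.test/"}
]}""")
SAMPLE_SCA = json.loads("""{"vulnerabilities": [
  {"advisory": "ADV-EXAMPLE-0001", "severity": "Critical", "package": "oldlib", "version": "1.2.3"}
]}""")


def run_example() -> dict:
    """Gate the constructed sample: the high SAST and critical SCA findings block."""
    findings = (normalise_sast(SAMPLE_SAST) + normalise_dast(SAMPLE_DAST)
                + normalise_sca(SAMPLE_SCA))
    return evaluate_gate(findings, scans_run=REQUIRED_SCAN_TYPES)


if __name__ == "__main__":
    result = run_example()
    print(json.dumps(result, indent=2))
    raise SystemExit(0 if result["passed"] else 1)
```

Run stand-alone it prints the decision and exits non-zero so a pipeline step fails; the suppressed-finding flag is what keeps a triaged false positive from blocking every subsequent build, and the missing-scan-type check is what stops a pipeline from quietly "passing" because one of the three scanners never ran.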
This year’s report reinforces a finding from previous editions: developers tend to stick to the libraries they know and love rather than bouncing around and refactoring their code base in order to switch to the newest or “most popular” libraries.