8 Lessons from Gartner Security Summit


I attended the Gartner Security Summit held in Maryland, USA, on June 17th - a 4-day event with about 3,500 attendees and about 200 vendor exhibits. Yes, that’s right! That’s how active and competitive the security space is.

Apart from attending the Gartner analyst sessions, I also networked with a few CISOs and security folks over the lunches and breakfasts. Here are a few application security trends and recommendations that I heard during my time at the summit:

  1. Open source and third-party components are becoming ubiquitous in enterprise builds. Hence, enterprises are now exposed to increased open source software security risk.


  2. SCA (software composition analysis) has come off the peak of the “hype” cycle and is now becoming a reality. Gartner’s Zaira Pirzada recommends application security solutions that provide SCA as a feature.


  3. Understand that there is often a trade-off between the speed and the depth of analysis provided by application security testing tools. Weigh this trade-off when making your pick.


  4. Increasingly, developers are playing an important role in deciding on application security solutions.


  5. The Gartner Magic Quadrant for application security is a good place to start when evaluating application security tools and cutting through the noise. Niche players in the quadrant, such as CAST, offer capabilities like application health metrics in addition to application security.


  6. False positives and lack of coverage remain the main challenges for application security tools. Machine learning is increasingly seen as a way to close this gap.


  7. Shifting security left, or building security into the code from the start, is gaining attention and interest. Enterprises are still not fully aware of the software quality and coding standards and practices promoted by organizations like CISQ.

  8. Most enterprises also do not know how to enforce engineering adherence to coding standards and best practices for building secure code. This is a challenge, and more education and training are needed.
Vinod Nair, Software Intelligence Evangelist

Vinod Nair is a marketer and demand generation specialist at CAST. Vinod has over 12 years of experience in the technology industry, having donned multiple hats as a marketing, sales strategy and business operations professional.