8 Lessons from Gartner Security Summit

I attended the Gartner Security Summit held in Maryland, USA on June 17th, a 4-day event with about 3,500 attendees and about 200 vendor exhibits. Yes, that’s right! That’s how active and competitive the security space is.

Apart from attending the Gartner analyst sessions, I also networked with a few CISOs and security folks over the lunches and breakfasts. Here are a few application security trends and recommendations that I heard during my time at the summit:

  1. Open source and third-party components are becoming ubiquitous in enterprise builds. Hence, enterprises are now exposed to increased open source software security risks.

  2. SCA, or software composition analysis, has come off the peak of the “hype” cycle and is now becoming a reality. Gartner’s Zaira Pirzada recommends application security solutions that provide SCA as a feature.

  3. Understand that there is often a trade-off between the speed and the depth of analysis provided by application security testing tools. Weigh this trade-off when making your pick.

  4. Developers are increasingly playing an important role in deciding on application security solutions.

  5. The Gartner Magic Quadrant for application security is a good place to start when choosing application security tools and avoiding the noise. Niche players in the quadrant like CAST offer capabilities like Application Health metrics in addition to application security.

  6. False positives and lack of coverage continue to be the main challenges for application security tools. Machine learning is increasingly seen as a way to close this gap.

  7. Shifting security left, or building security into code from the start, is gaining attention and interest. Enterprises are still not fully aware of the software quality and coding standards and practices promoted by organizations like CISQ.

  8. Most enterprises also do not know how to enforce engineering adherence to coding standards and best practices for building secure code. This remains a challenge, and more education and training are needed.
Vinod Nair, Software Intelligence Evangelist

Vinod Nair is a marketer and demand generation specialist at CAST. Vinod has over 12 years of experience in the technology industry, having donned multiple hats as a marketing, sales strategy and business operations professional.