Business Reporter

Optimising software coding with automation

John Smith at Veracode argues that automation saves time, reduces security debt and makes coding fun again

 

The introduction of new applications in companies is often a lengthy process. For implementation, integration, customising, ongoing operation and updates, developers must adapt or add code and scan and secure the changes as part of application risk management - this often takes months. During this time, the full licence fees are usually due, which causes unnecessary costs, hinders progress or innovation elsewhere, and jeopardises the overall security of the programmes.

 

Above all, however, it costs developers and security managers time and effort. What happens, on the other hand, if the necessary steps are largely automated?

 

In the world of enterprise software, security should be a non-negotiable element. Yet Veracode’s State of Software Security 2024 Report (SoSS 2024) found so-called ‘security debt’ – an accumulation of bugs that are not fixed over long periods of time – in 71 percent of companies. 

 

While the need for application risk management with security scanning and remediation is undeniable, it is clear from the SoSS 2024 report that developers don’t usually have a lot of time to spend on it. From configuring pipelines to setting up tickets to remediate, every step takes time and effort.

 

This effort multiplies exponentially in companies with hundreds or thousands of applications that need to be implemented, processed, scanned and secured. But deadlines are usually tight and developers are overloaded, so it’s no wonder that security is not one of the developers’ favourite tasks. 

 

What’s more, it is often the case that they are not sufficiently trained by their companies. Veracode’s research found that almost 70% of developers state their employer does not provide adequate security training, so they need to find ways to improve by themselves.

 

Simplifying development workflows

This is where ‘make it disappear’ comes into play – an idea that aims to eliminate the time-consuming process of integrating security into software development and instead automate it with tools based on Machine Learning (ML) or Artificial Intelligence (AI).

 

The principle is simple: as soon as a developer performs an action, such as changing code, the tool automatically triggers the security scan in the background. Results are presented immediately, including potential security vulnerabilities and library dependencies. Possible solutions are also highlighted and can be implemented with a click of a button.

 

The approach aims to free developers from manual configuration and application development and instead seamlessly integrate code security scanning and vulnerability remediation into their workflows through automation.

 

Instead of spending time on setup, scanning and maintenance, they can focus on other essentials: developing and customising high-quality software that supports or enables a variety of tasks and processes. This makes their work much more efficient and successful and eliminates tedious, repetitive tasks. Work is more fun and the potential for innovation increases.

 

Security posture is also strengthened: as scans and suggestions for improvement are carried out automatically, the likelihood of security breaches decreases significantly. This is particularly important at a time when security risks are rising because hackers are also increasingly benefitting from AI.

 

An important aspect of the ‘make it disappear’ approach is the automated elimination of security vulnerabilities in software code and its adaptability to different development platforms. From integrated development environments to continuous integration systems, automation is possible almost everywhere. Whether with GitHub, Azure DevOps, GitLab or Bitbucket, every developer should be able to benefit from these advantages.

 

Onboarding more applications in less time

The effects of ‘make it disappear’ are already being felt. Companies that have embraced automation have achieved impressive results. For example, a well-known, large media company was able to securely integrate 3,000 applications in just one and a half months thanks to semi-automated processes and templates, such as CI integration and a GitHub workflow app. 

 

This is a massive acceleration compared to traditional manual methods. It illustrates the transformative power of AI- and ML-based automation, enabling organisations to optimise their application development and security operations to achieve more goals in less time.

 

Reduced security debt and optimised processes

The success of application development and a company’s innovation potential depend on happy developers who enjoy coding. By automating important but unloved tasks such as code security, which takes up a lot of time, they can concentrate on their core tasks and contribute more creatively than before to the further development of their company - without having to compromise on security. 

 

Automation does not take the responsibility for secure coding away from developers. Rather, it supports them by pointing out errors or gaps at an early stage and suggesting solutions. It also helps to integrate security aspects more strongly into the development process, which ultimately leads to higher software quality.

 

In addition, developers can more easily take action against ‘security debt’. According to Veracode’s State of Software Security Report, 46% of organisations have persistent, serious vulnerabilities that are considered ‘critical security debt’ and put companies at serious risk in terms of impact on confidentiality, integrity and availability.

 

With AI-powered remediation, developers can reduce the time to fix security flaws from hours to minutes, saving hundreds of thousands of pounds for their organisations.

 

The future of secure coding is automation

Nowadays, two aspects are at the forefront of application development: speed (going live and time-to-market) and security. By eliminating manual processes and providing automated solutions, companies not only save time and costs, but also take their software development to a new level. This means greater innovation potential, faster time-to-market, and better competitive opportunities in a global world.

 

The principle of ‘scan as early as possible, as much as possible and in every phase of the pipeline’ can thus be realised – without developers losing the fun of coding.

 

The future of coding is automated. Time and cost efficiency, as well as ensuring software security and fun while programming, are no longer a pipe dream, but already a possibility today.

 


 

John Smith is EMEA CTO at software security firm Veracode

 

Main image courtesy of iStockPhoto.com and asbe


© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543
