Due to the need for rapid development and innovation, developers are increasingly turning to open-source frameworks and libraries to accelerate the software development life cycle (SDLC). The use of open-source code by developers grew 40% and is expected to expand 14% year on year through 2023.
A critical part of the problem is that legacy application security uses an outside-in model where security sits outside of the software and SDLC.
For example, a component with a "high" severity vulnerability may be acceptable in an application that manages data that is neither critical nor sensitive and that has a limited attack surface.
It is no surprise that automating some application security processes improves an organization's ability to analyze and prioritize threats and vulnerabilities.