Part of the evolution of software security has been the change in the mantra “shift left”—as in, start testing your software earlier in the software development life cycle (SDLC)—to “shift everywhere”—as in, run the right test at the right time, as soon as there is an artifact to test.
But the challenge for security teams is that testing tools either can’t keep up with the speed of development or overwhelm developers with hundreds or even thousands of findings that may not be critical or even relevant to the priorities of an organization.
The solution for that challenge is an automated tool for application security orchestration and correlation (ASOC). The orchestration function in ASOC tools uses policy-as-code to prevent a flood of trivial or irrelevant findings, so the tools flag only the defects that matter most to an organization. And the correlation engine combines the results from multiple testing tools into a set of unified results.
In this episode of AppSec Decoded, recorded at RSA 2022 in San Francisco, cybersecurity experts Anita D’Amico, vice president of business development with Synopsys, and Taylor Armerding, security advocate with Synopsys, discuss the specific functions and benefits of ASOC tools.