In the 2021 Gartner Magic Quadrant for Application Security Testing, Synopsys placed highest and furthest for the third consecutive year for our ability to execute and our completeness of vision.
True leadership involves helping others succeed. This is as true in the world of cyber security as it is anywhere else, and it’s a philosophy we take seriously at Synopsys.
Which is why I’m proud to report that for the fifth consecutive year, Gartner has positioned Synopsys as a Leader in the Magic Quadrant for Application Security Testing (AST). And for the third consecutive year, Synopsys is placed highest and furthest for our ability to execute and our completeness of vision.
This continued recognition from Gartner reflects our commitment to building trust in software and to helping our customers succeed by bridging the gap between development and security and enabling their developers to move faster.
For our customers, speed is the name of the game. The faster they can go to market with their offerings, the more successful they are. Software developers must move fast to keep up, checking in code changes on a daily or even hourly basis. Anything that gets in their way or slows them down is a potential threat to their business.
Gartner has also observed this new reality, as stated in the Magic Quadrant report:
“Customers require offerings that provide high assurance, high-value findings, while not unnecessarily slowing down development efforts. Clients expect offerings to fit earlier into the development process, with testing often driven by developers rather than security specialists. As a result, this market evaluation focuses more heavily on the buyer’s needs when it comes to supporting rapid and accurate testing capable of being integrated in an increasingly automated fashion throughout the software development life cycle (SDLC).”
Given this emphasis on speed, and the complexity that comes with managing the exponential growth in software, it’s no surprise that application-layer vulnerabilities remain the biggest cyber security risk. At the same time, development and application security (AppSec) teams have learned the hard way that throwing more automation and more testing tools into the mix isn’t the answer when it just produces more noise. In fact, more automation and more testing too often lead to clogged pipelines and overwhelmed developers, causing them to spend more time tracking down dead ends than creating software.
Given our industry-leading, comprehensive portfolio of application security testing products and services, we recognized the need to do more to help our customers overcome friction and complexity within their SDLCs. What was missing was the ability to harmonize the various testing solutions, optimized for speed and efficiency, within their development toolchains and workflows.
Our answer to this need is Intelligent Orchestration—a dedicated AppSec automation pipeline that ensures the right security tests are performed at the right time. It runs only the tests you need, when you need them, and filters the results based on risk, so developers can focus on what matters most. Its concepts and technology were developed and refined through years of experience helping customers navigate the challenges of balancing speed with large volumes of security testing results.
The seamless integration of Intelligent Orchestration with existing pipelines and development toolchains, including open source and third-party tools, is essential in our quest to provide transparent, value-driven solutions to the market.
Synopsys remains committed to providing the most comprehensive suite of AppSec tools, and our position in the Gartner Magic Quadrant provides validation of that commitment.
The strength of our portfolio comes through in two dimensions. First, the portfolio is the most comprehensive in the market, supplementing the foundational elements of SAST (Coverity®), DAST (Tinfoil Web Scanner™), IAST (Seeker®), and SCA (Black Duck®) with unique offerings such as Defensics® protocol fuzzing and Tinfoil API Scanner™. Second, each tool stands on its own as a market leader in its functional area. For example, Coverity and Black Duck are leaders in The Forrester Wave™ reports for static analysis and software composition analysis, respectively.
Here is a quick summary of our portfolio:
In addition to continuing to optimize our suite of offerings and Intelligent Orchestration, Synopsys has several exciting initiatives underway to help our customers minimize risks while maximizing speed and productivity. And while I don’t want to give any spoiler alerts, we believe the continued recognition by Gartner for our completeness of vision is evidence of our forward-looking approach to application security.
I would be remiss if I didn’t mention our strong showing in this year’s Gartner Critical Capabilities for Application Security Testing report as well. Out of five use cases, Synopsys earned the highest score among vendors in three of them: Mobile & Client, DevOps/DevSecOps, and Cloud-Native Applications. Again, we pride ourselves in providing security solutions for the areas most relevant to our ever-changing market.
As we look ahead, we’re excited to continue this journey of bringing trust to software in a holistic and open manner.
Jason Schmitt is the general manager of the Software Integrity Group at Synopsys. He is a seasoned leader with a proven track record of deep technical knowledge, product development, insight into emerging and rapidly changing cybersecurity challenges, and go-to-market strategy and implementation. He brings more than 20 years of experience in security and enterprise product development and management. Prior to Synopsys, Jason served as the CEO of cloud security startup Aporeto, and vice president and general manager of Fortify and ArcSight at Hewlett Packard. Jason is a Louisiana native, who completed his bachelor's degree in Mechanical Engineering and master's degree in Computer Science at the Georgia Institute of Technology, and his MBA at Georgia State University’s J. Mack Robinson College of Business.