Tech analyst ESG says security teams struggle to get actionable insights from varied scanning solutions

As DevOps practices force ever-faster development cycles, developers must adapt to find ways to save time. Increasingly, they look to popular open source libraries – but so do the attackers.

The inevitable result is a rapidly evolving attack surface that necessitates multiple types of security scans. But how to deal with the whirlwind of alerts, only some of which represent true vulnerabilities?

Alert fatigue is real, so the software development industry needed a way to correlate testing results to make developers more efficient. This ESG research piece digs into the issue and reports some eye-opening findings:

  • Organizations suffered losses from several kinds of preventable security vulnerabilities/misconfigurations
  • 70% of respondents use more than 11 individual application security testing tools but struggle to correlate the results

The paper identifies Checkmarx Fusion as an effective correlation solution that offers prioritized, actionable insights to drive efficient remediation as development scales.