References
REFERENCES AND ACRONYMS
[1] Gartner, “Critical Capabilities for Application Security Testing”, 27 April 2020.
[2] Consortium for Information and Software Quality, “The Cost of Poor Software Quality in the US: A 2020 Report”, 1 January 2021.
[4] Anderson, Paul, “Measuring the Value of Static-Analysis Tool Deployment”, IEEE Security & Privacy, May-June 2012.
[5] Morales, Jessica, “Research Uncovers the Hidden Costs of Detection-based Cybersecurity”, 6 February 2018.
[6] AtlasVPN, “App Development Security is the most wanted cybersecurity skill in 2021”, 6 January 2021.
[7] Gartner, “Magic Quadrant for Application Security Testing”, 29 April 2020.
[8] Gartner Research, “Integrating Security Into the DevSecOps Toolchain”, 15 November 2019.
[9] Gartner Research, “12 Things to Get Right for Successful DevSecOps”, 19 December 2019.
[10] Businesswire, “Nearly 50 Percent of Organizations Knowingly Push Vulnerable Software, According to New Research from ESG and Veracode”, 11 August 2020.
Acronyms
AST, AppSec: Application Security Testing
CAPEC: Common Attack Pattern Enumeration & Classification
CAWE: Common Architecture Weakness Enumeration
CI/CD: Continuous Integration / Continuous Delivery
CVE: Common Vulnerabilities and Exposures
CWE: Common Weakness Enumeration
DAST: Dynamic Application Security Testing
DevOps: Development/Operations
DevSecOps: Development/Security/Operations
IAST: Interactive Application Security Testing
IDE: Integrated Development Environments
SAST: Static Application Security Testing
SCA: Software Composition Analysis
Shift Left: Testing performed earlier in lifecycle
Vulnerability Assessment: Identifying software defects
Vulnerability Management: Classifying, monitoring, and remediating software defects