Open-source software helps companies and organisations significantly shorten software development cycles, making the delivery of commercial applications more cost-effective. But it is critical that developers understand the threats that deploying open-source software can bring and the steps needed to ensure applications are secure. This article looks at these important steps.
Lai Jianxin is Xcalibyte’s Head of Research & Development for their static code analysis tool, Xcalscan. In this article, he talks about the key requirements for static application security testing.
Shift-left testing is done earlier in the SDLC, in parallel with code development, and makes the developer a responsible party for ensuring the code is high quality and defect-free. ‘Shift-right’, the traditional testing phase, does not go away, as some bugs can only be found at runtime. The two should be used together, each complementing the other.