Cycode, a prominent cybersecurity company, recently introduced its innovative next-generation SAST engine as part of its ASPM platform. The new engine has already demonstrated exceptional results, boasting a remarkable 94% reduction in false positives in OWASP benchmark tests compared to other well-known open-source and commercial alternatives.
In today’s fast-paced technological landscape, application security teams face the daunting task of protecting expansive attack surfaces from increasingly sophisticated threats while also managing costs effectively. The conventional approach of utilizing noisy scans and disparate point solutions often falls short in keeping up with the rapid pace and scale of modern development processes. ASPM has emerged as a solution to bring clarity to the complex realm of security data and expedite the identification and mitigation of high-risk vulnerabilities and weaknesses. However, the effectiveness of ASPM hinges on the quality of data and accuracy of scans employed.
According to Katie Norton, Research Manager specializing in DevSecOps and Software Supply Chain Security at IDC, application security teams are under growing pressure to secure intricate software environments without impeding development progress or inflating expenses. This challenge has led to the strategic adoption of Application Security Posture Management (ASPM) as a means to lower risks and enhance operational efficiency. With the integration of enhancements in its precise SAST engine into the ASPM platform, Cycode aims to assist customers in improving visibility, refining risk assessment, expediting remediation efforts, and optimizing security investments.
The Cycode SAST engine delivers rapid and accurate security feedback for in-house code. Leveraging modern software architecture, the new engine combines real-time scanning with comprehensive cross-functional and cross-file analyses to quickly identify true positives and give developers detailed insights for efficient remediation. With industry-leading SAST offered within Cycode’s Complete ASPM platform, customers can reduce risks, enhance developer productivity, and lower total cost of ownership.
Guillaume Montard, Head of Product at Cycode, highlighted the significant benefits witnessed by early adopters of the company’s next-generation SAST engine. In one organization, over a third of the findings from the previous SAST tool were false positives, a number that Cycode reduced to a mere 2%. This remarkable improvement translates to the elimination of over 30,000 false positives in an organization with 100,000 SAST findings, while maintaining an impressive 75% recall rate for true positives.
As organizations increasingly embrace ASPM to fortify their security postures, the ability to deliver high-quality security data emerges as a critical differentiator. Traditional SAST solutions often introduce friction due to high false-positive rates and sluggish scans, hampering their effectiveness within modern DevSecOps workflows. By incorporating a cutting-edge SAST engine into its Complete ASPM platform, Cycode ensures that security teams and developers have access to precise, actionable insights, empowering them to focus on genuine risks and accelerate remediation processes.
To delve deeper into Cycode’s innovative solutions, visit their website at https://cycode.com/.