ZeroNorth announced the availability of its Defect Density Dashboard, a new capability within its SaaS-based application security automation and orchestration platform. The new dashboard normalizes scan data from disparate security scan tools to identify the rate of code defects.
This insight offers security and engineering leaders a common framework for collaborating to improve application security and software quality within existing DevOps workflows.
A new variant of the widely used metric for measuring software quality, the ZeroNorth Defect Density Dashboard highlights the number of application security defects per thousand lines of code. ZeroNorth’s defect density metrics are uniquely normalized across all Software Composition Analysis (SCA) and Static Application Security Testing (SAST) scans to provide a leading indicator of code quality throughout the software development lifecycle (SDLC).
For DevOps leaders, defect density provides critical insights that enable them to take pre-emptive actions to improve software quality and avoid costly late-stage vulnerability remediation. The dashboard is highly customizable and enables users to filter data based on specific code repositories and timeframes.
“The use of defect density as a key performance indicator for software resiliency is essential to supporting the instrumentation of the development pipeline for DevSecOps professionals,” commented Jim Routh, Head of Enterprise Cyber Security at MassMutual.
An integral capability of the ZeroNorth platform, the Defect Density Dashboard provides a framework that creates a common language for security and development teams. These capabilities help to improve security and deliver business and economic value, such as:
- CISOs and product security leaders can effectively engage with the development teams by framing application security defects within the context of code quality – a framework that aligns with development’s drivers for quality and productivity.
- Engineering leaders can begin to understand the implications of defects within the code base they are developing. With this insight, they can drive quick and efficient remediation within existing DevOps processes.
- Business leaders gain visibility and clarity into the state of both application security and quality early in the SDLC. With this insight, they can make the right strategic and operational decisions to ensure that defects are fixed early and thus optimize application security, quality, and development velocity, while reducing software development costs.
“Fixing security vulnerabilities after a product hits production can be 100 times more expensive and damaging than fixing a defect when the developer still has their hands on the code,” commented John Worrall, CEO of ZeroNorth. “So, the business case for the ZeroNorth platform is very clear. Application security automation and orchestration, coupled with visibility and analytics enables organizations to address security-related defects in software code early, thereby significantly increasing developers’ productivity and saving money while delivering more secure products out the door faster.”