• Image 01
  • Image 02
  • Image 03
  • Image 04
  • Image 05
  • Image 06
Need assistance? Contact Us: 1-800-255-5897

Menu

  • Home
  • About Us
    • Company Overview
    • Management Team
    • Board of Directors
  • Your Loan Service Center
  • MAKE A PAYMENT
  • Business Service Center
  • Contact Us
  • Home
  • About Us
    • Company Overview
    • Management Team
    • Board of Directors
  • Your Loan Service Center
  • MAKE A PAYMENT
  • Business Service Center
  • Contact Us
Recent Quotes
View Full List
My Watchlist
Create Watchlist
Indicators
DJI
Nasdaq Composite
SPX
Gold
Crude Oil
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

ShiftLeft Releases its 2022 AppSec Progress Report 2022

By: ShiftLeft via Business Wire
June 23, 2022 at 09:00 AM EDT
ⓘ This article is third-party content and does not represent the views of this site. We make no guarantees regarding its accuracy or completeness.

Based on findings from millions of scans last year, ShiftLeft tracked significant AppSec progress with more frequent and faster scans and a 97% reduction in false positives.

ShiftLeft, an innovator in automated application security testing, released its second annual AppSec Progress Report documenting critical trends in application security and how organizations are shifting security left to deal with the ever-rising volume of attacks and disclosed vulnerabilities. The report covers year-over-year trends and general findings analyzed from millions of scans last year using the ShiftLeft CORE platform across applications running numerous programming languages in different technology architectures including cloud native, on-premise and hybrid configurations.

Key findings from the report include:

  • 97% reduction in open source software (OSS) vulnerabilities — By identifying and prioritizing OSS vulns that are actually attackable, AppSec teams and developers fix what matters, ship code faster and actually improve security with fewer, better fixes.
  • 37% YoY reduction in Mean-Time-to-Remediate (MTTR) — Laser focus on attackability and reduced false positives allows developers to make fixes faster and reduce MTTR. This improves security posture and reduces the likelihood of attacks by reducing the time that vulnerabilities are exposed. In fact, ShiftLeft found that development teams were fixing 76% of attackable vulnerabilities within two sprints (12 days).
  • 90 second median scan time — Rapid scans enable teams to scan more frequently, improving security coverage for fast iterating applications and enabling better coverage of very large applications that previously required hours or days to scan.
  • Significant increase in scan frequency —- Faster scans, automated insertion in CI pipelines, and greater scan coverage across more languages, also enabled AppSec teams to shift from scanning for vulnerabilities monthly or weekly to daily scans. The report tracked 68% increase year-over-year in daily scans.
  • Estimated vulnerable Log4J exposure at only 4% — Due to the pervasive and widespread nature of Log4J, many application security teams struggled to identify all instances of the logging library in their application stack. Obscured and nested instances (in JAR files, for example) caused particular problems. ShiftLeft analyzed scans for the Log4J vulnerability and mapped actual data flows through production applications by combining the results of Static Application Security Testing (SAST) analysis and Software Composition Analysis (SCA). The analysis found that only 4% of all Log4J instances were vulnerable. Teams that had this information saved months of wasted time hunting down and fixing Log4J instances that posed little or no risk.

The report highlights how shifting application security left to engage developers earlier in the software development lifecycle results in faster fixes and less wasted energy prioritizing and fixing vulnerabilities that pose little to no risk. The report also underscores the importance of a holistic technology approach that integrates both SAST and SCA to provide a clear picture of attackability and subsequent prioritization of security fixes to reduce focus to fixing what matters.

“Based on our findings, two out of three development teams are literally wasting time on the 97% of fixes that are not attackable and provide little security benefit,” said Manish Gupta, CEO at ShiftLeft. “On the other hand, teams that shift security left and focus on attackability ship more secure code, more frequently. This clearly improves the security of their applications while also improving developer productivity and product velocity.”

About ShiftLeft

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left. A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California.

View source version on businesswire.com: https://www.businesswire.com/news/home/20220623005346/en/

Contacts

PR Contact:

Corinna Krueger

ShiftLeft

ckrueger@shiftleft.io

Report this content

If you believe this article contains misleading, harmful, or spam content, please let us know.

Report this article

More News

View More
News headline image
Small-Cap ETFs Poised for Big Growth as Rate Outlook Shifts ↗
Today 7:45 EDT
Via MarketBeat
Topics ETFs Economy
Tickers AVUV IWM VB
News headline image
Flash Crash or Cash? The AI Hardware Reset Investors Can’t Ignore ↗
July 06, 2026
Via MarketBeat
Topics Artificial Intelligence Economy
Tickers MU NVDA SNDK STX WDC
News headline image
As Employers Drop Obesity Drug Coverage, Hims & Hers Could Be the Winner ↗
July 06, 2026
Via MarketBeat
Tickers HIMS LLY NVO
News headline image
KBR Insiders Are Buying While the Market Misreads Its Spinoff ↗
July 06, 2026
Via MarketBeat
Tickers KBR
News headline image
Contrarian Alert: 5 Downgraded Stocks That May Reward Long-Term Investors ↗
July 06, 2026
Via MarketBeat
Tickers DPZ LOW NOW TSCO ZS

Recent Quotes

View More
Symbol Price Change (%)
AMZN  244.16
+0.00 (0.00%)
AAPL  312.66
+0.00 (0.00%)
AMD  552.05
+0.00 (0.00%)
BAC  59.90
+0.00 (0.00%)
GOOG  364.90
+0.00 (0.00%)
META  600.29
+0.00 (0.00%)
MSFT  386.74
+0.00 (0.00%)
NVDA  195.55
+0.00 (0.00%)
ORCL  143.76
+0.00 (0.00%)
TSLA  419.77
+0.00 (0.00%)
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the Privacy Policy and Terms Of Service.
© 2025 FinancialContent. All rights reserved.

Having difficulty making your payments? We're here to help! Call 1-800-255-5897

Copyright © 2019 Franklin Credit Management Corporation
All Rights Reserved
Contact Us | Privacy Policy | Terms of Use | Sitemap