Ensuring the security of software is a critical business priority. Employees, customers, partners, and suppliers rely on custom-built applications for day-to-day operations. If those applications are compromised, everyone and every organization tied to that software can be negatively impacted.
Increased security responsibility has been shifting to development teams over the last few years. Security teams’ efforts to insert themselves in the middle of development processes have often not achieved desired goals and have left developers hungry for simpler solutions. Although most developers employ an arsenal of tools to help them build and test code throughout the development process, those tools are often siloed, kludgy, cumbersome, and don’t easily integrate with workflows. The result: nonoptimal use of security tools and decelerated delivery timelines.
Case in point, a recent GitHub survey found that 31% of developers feel they spend most of their time finding and fixing software vulnerabilities. While software security is enormously important, it shouldn’t require developers to become security experts. But so many of today’s traditional AppSec tools don’t conform to the development experience and don’t empower developers to be better, more security-focused builders of software.
Maintaining agile development while minimizing software risk requires balance. On average, organizations are managing 129 applications and 119,000 software-related alerts. With too much volume and a lack of accurate prioritization, it’s no wonder that 95% of organizations have at least one high, critical, or apocalyptic risk in their software supply chain.
However, all is not lost. There are vendor companies listening to developers and building tools that ensure comprehensive visibility of applications (from code to cloud) and that fit snugly into CI/CD pipelines and IDEs.
If you’ve been following OX Security for a little bit, you may have seen that we recently added the ability to assign new roles and role-based data scopes in our Active ASPM platform. Building on this customization, OX is now rolling out a newly enhanced developer experience in the OX platform, tailored to developers’ needs and workflows.
Views Devs can use
The OX Platform contains a ton of data about the state of the SDLC — which is a lot bigger than many people realize. What’s easy to get wrong about SDLC security is that it’s not just the software that needs protection; it’s everything that goes into building and maintaining the software, including the development environment (e.g., Git, SVN, clouds, containers), build servers, artifact repositories, deployment automation tools(e.g., Jenkins, Atlassian OpeDevOps), servers and virtual machines in runtime environments, and any security monitoring tools.
This vast ecosystem results in busy dashboards and data views. When it comes to our developer users, we know that they want to hone in on the things that matter most to them. We’ve therefore cleaned up the development role home page to provide greater flexibility over what developers need to see.
Dev Summary Tab
Dev Summary Detail
Importantly, though, we haven’t removed any data from devs’ systems! It’s still all there and devs can access all of the data OX collects for their environments, it’s just not cluttering up their default views with extraneous items.
If you’re a user of OX and a developer, you can now tailor your OX experience to your preferences and workflows. We’ll continue to provide best practices remediation guidance with just one click of a button, and see your commits all in one place. You can choose to remove certain security-focused information from your custom default view but still see vulnerability severity for the software vulnerability issues you need to fix.
Conclusion
We at OX understand that, for developers, a great user experience is not a luxury — it’s a necessity. Today, the pressure on developers to deliver fast and secure code is immense. Still, many typical AppSec tools are more of a hindrance than help, cluttering up developers’ workspaces and limiting flexibility, which can frustrate even the most security-minded developer.
With a revamped developer experience and user interface, OX Security’s Active ASPM platform gives developers the ability to quickly zero in on the issues that matter most to them — without losing sight of the bigger picture. The platform’s flexible, customizable views mean developers can filter out the noise and keep focus on the critical tasks at hand, all while maintaining access to comprehensive security data when needed. By prioritizing the developer experience, OX Security proves that security doesn’t have to be a bottleneck. Instead, it can be a streamlined, integrated part of the software development lifecycle.
)
