IDC MarketScape: Worldwide Application Security Testing, Code Analytics, and Software Composition Analysis 2022 Vendor Assessment — Coordinating Security and Quality for Resilience and DevSecOps

Content

• Table of Contents (59 pages)
• List of Tables (2)
• List of Figures (2)

Related Links

• Web Rights
• Referencing Documents

Abstract

This IDC study uses the IDC MarketScape model to provide an assessment for application security testing, code analytics, and software composition analysis, evaluating automated tools capabilities to unite quality with security approaches as one of four ASQ IDC MarketScape assessments to provide a comprehensive view and overlay across key areas of the market — enterprise ASQ/DevOps, cloud testing/ASQ SaaS, and mobile testing/digital quality. Organizations seeking processes, services, and product automation capabilities for ASQ come to their decision making with varying levels of maturity, differing pain points, and challenges. This is even more the case in a volatile global economy as companies continue to struggle with both constrained and complex sourcing, limited QA resources, and varying levels of flexibility to meet business and competitive pressures. The intent with IDC's quality/security ASQ criteria and the four-document series is to demonstrate weighting approaches for the areas of greatest importance that come up for users making high-end ASQ selections currently with transformative demands for mobile, cloud, IoT, and other areas. Too frequently, users and vendors see "one" sample market assessment diagram and assume that a single model for the market will directly address all their needs (with little context for user-specific challenges or variegated maturity levels). We believe that in-context weighting and analysis as an overlay across our ASQ vendor analysis is optimal (and less simplistic) to enable pragmatic insight for users making decisions in a dynamic and increasingly chaotic, complex global competitive environment. Additional weighting and visibility are available individually — yet publishing multiple ASQ IDC MarketScape documents can enable decision makers to "see" varying approaches based on their peers' experiences, as they make use of IDC's assessments.

"Software drives competitive advantage and innovation, and quality and security are pressing business-critical issues as deployment speeds increase, development time frames compress, and application attack surface is a key risk area (made more vulnerable by the ability to easily find susceptible code)," said Melinda Ballou, research director for IDC's Application Life-Cycle Management, Quality, and Portfolio Strategies service. "At the same time, at least 55% of IDC surveyed participants experienced security breaches and at least 38% were attacked multiple times, with increasing code scan frequency cited as a proven method for reducing security risks in the near term, and architecture and design improvements adding opportunities for strategic, longer-term risk mitigation. Creating strategies that coordinate quality and security teams by leveraging effective code analytics automation and processes for DevSecOps exemplifies broader portfolio coordination. Automated solutions in this context can provide a basis for quality collaboration for security and quality teams to enable continuous quality as part of end-to-end DevOps. While this IDC MarketScape focuses on AST, code analytics, and SCA, IDC has chosen the context of three additional sample weighting strategies that have currency in 2022 moving into 2023 and are frequently requested by users speaking with us — cloud testing/ASQ SaaS, enterprise ASQ, and mobile testing/digital quality. Global organizations seeking to coordinate continuous DevOps and other areas demand high levels of functionality, scalability, and maturity overall to execute well (for an "enterprise" ASQ view)."

Coverage