On July 27, 2020, Gartner published an updated Hype Cycle for Application Security, 2020.
In this report, Gartner highlights demand increase for secure application development. Despite the presence of SDLC programs, the problem is still relevant. Attack surface continues to expand and as a result company must go beyond common identifying of application development security issues. In modern development, DevSecOps approaches allow security teams to keep alignment with both development and security teams.
As for ASOC tools, Peak of Inflated Expectations is being reached. Product acceptance and use continues, especially as organizations move to DevSecOps. Investment’s activity continues as well, suggesting continued demand.
Dale Gardner, the Gartner analyst describing this product segment, provided the following definition of the market segment: “Application security orchestration and correlation (ASOC) tools streamline software vulnerability testing and remediation by automating workflows. They automate security testing, ingesting data from multiple sources (static, dynamic, and interactive testing [SAST/DAST/IAST], software composition analysis [SCA], vulnerability assessments, and others) into a database. ASOC tools correlate and analyze findings to centralize and prioritize remediation efforts. They act as a management layer between application development and security testing tools.”
Gartner estimated market penetration of ASOC tools at 5% to 20% of target audience.
Source: Hype Cycle for Application Security, 2020