Qwiet AI tunes in high-fidelity AI AppSec tooling

Coders code, obviously.

But in fact (and as we know) as the law of thirds governs a lot of what happens on the command line.

That ⅓ 33.3% law of thirds comes down to the fact that a third of developers spend up to 33% of their time fixing bugs and vulnerabilities instead of writing code.

Is that okay and does that mean that we end up with more performant and more highly functional software? To a small degree yes, but generally we can say that it’s a negative because these processes take up valuable project time and (in a world where time is money) we end up with time constraints that are leading to misalignment between development and security teams.

While application security is a still a top priority, roughly a third of developers say their goals are misaligned with their security team.

Who is saying all this and laying down these third-centric cornerstones?

Qwiet AI

Why it’s Qwiet AI, formerly ShiftLeft, a company that says it reduces the noise (Qwiet, like quiet, get it?) inherent in the AppSec and DevSecOps space to allows developers to focus on what the company likes to call ‘high-fidelity’ results  (more audio-related puns there, get it?) that have the greatest impact in their environment. 

Using its own AI engine developed by NumberOne AI, Qwiet AI’s platform promises to provide AI-driven detection of zero-day and pre-zero-day vulnerabilities in code. 

The company’s recent developer survey suggests that while security is a top priority for developers, they are facing an uphill battle when it comes to time spent chasing vulnerabilities, working their way through the list of available scanning tools and working to enable alignment with security teams.

Propeller heads

The online survey of 1,021 IT professionals conducted by market research firm Propeller Insights suggests developers are frustrated by the state of current security tools, citing incumbent tools are too noisy, time intensive and increasing tech debt at a time when development teams are overworked. 

These challenges point to an internal disconnect and despite 69% (let’s say two-thirds to keep things consistent) of IT professionals indicating that application security is a top priority for their organisation, a some 27% (yeah, a third) said their goals are misaligned with their security team. 

“It’s clear that developers are overwhelmed by the noise produced by incumbent security tools,” said Stuart McClure, CEO, Qwiet AI. “We’re seeing developers spend a third of their day fixing bugs and vulnerabilities instead of writing code. For IT teams to be successful, we need to empower software application developers with the right tools that help them stay in a highly productive ‘flow’ state, instead of chasing false positives.”

Findings from the study include:

  • Development schedules are heavily impacted by vulnerabilities 32.6% of respondents reported spending between 26% and 50% of their time fixing bugs instead of writing code, while 38.5% reported spending up to 60 minutes a day searching for solutions.
  • Incumbent security tools struggle to keep pace – 35.7% said there were “too many false positives” and 46.6% said incumbent tools “increase tech debt at a time when my team is already overworked.”
  • Developers want features that provide additional insight – Seeing where each error originates was key to 51.7% of respondents and access to rich contextual information surrounding each error was important to 56.6% of respondents.

McClure and team say that recent advancements in AI, increasingly sophisticated models and enhanced computing power are transforming the way developers approach application security. 

Inevitable AI

Developers also highlighted the power of AI-based solutions in the survey, with 93.7% indicating the adoption of AI-based tools was ‘inevitable’ and IT teams will need them to keep pace with today’s dynamic cyber threat landscape.

Staying ahead of the cyber threat curve requires unison between business and security teams. This survey may help emphasise the need for cyber teams to understand macro-organisational issues presented by business units.

Data Center
Data Management