Discussion about this post

User's avatar
Anne Bendix's avatar

When I was searching for an “ASPM” solution I found it very hard to find something that came even close to matching our needs although I checked about 30 vendors. It all sounds good in theory, but rarely fitted your reality. And it gets worse when AppSec practitioners fall for the shiny generic promises of those vendors without understanding their own developers reality and needs first.

Miloslav Homer's avatar

Thanks for this great article. I think this gap isn't talked about enough - the juggling and ultra wide scope defines our profession, but I am not sure if it's sustainable.

I especially liked the diagram where you show the tool types in the market and the parts where we struggle. Alas I fear that such products won't be made as they "won't scale" (so no funding) as you really need to tailor them to the particular company environment (processes, risk appetite, etc.). Hope to be proven wrong.

2 more comments...

No posts

Ready for more?