*By Marcelo Duarte
DevSecOps practices have been widespread, but have they been enough to mitigate the damage and losses caused by cybercrimes? While DevSecOps is a valuable approach to incorporating security into the software development lifecycle, sometimes it may not be enough to address all challenges. This is where the application of practices known as DevQualOps becomes crucial.
The DevQualOps model, introduced in 2020 by the Consortium for Information & Software Quality (CISQ), is fundamental to ensuring that quality and security are intrinsic parts of the entire software development process. Since software security is a subcategory of software quality, DevSecOps can be viewed as a submodel of DevQualOps.
The CISQ 2022 update report estimates that the cost of poor software quality in the US has grown to at least $2.41 billion, though not in the same proportions seen in 2020. Accumulated software Technical Debt (TD) has grown to approximately US$ 1.52 trillion.
DevQualOps is an approach that emphasizes quality in all phases of the software development lifecycle, including development, quality assurance, and operations. It recognizes that software quality should not be treated just as a later step, but rather as a central concern from the beginning of the development process.
By adopting DevQualOps as a foundation, organizations can further improve cyber risk mitigation. This is because DevQualOps not only focuses on security but also on the overall quality of the software. It seeks to apply best practices and standards that will identify and resolve problems in all areas, from coding errors to security vulnerabilities, ensuring that the software is robust and reliable.
According to Debricked, on average, it takes more than 800 days to discover a security flaw in OSS. For example, the Log4shell vulnerability remained undiscovered for 2,649 days. This delay in detecting vulnerabilities highlights the importance of taking a proactive approach, like DevQualOps, to identify and fix issues earlier in the development cycle.
By focusing on these emerging solution areas and adopting DevQualOps as a foundation, organizations can improve the quality and security of their software products. This will not only reduce TD but also lower the costs associated with poor software quality, by ensuring that security and quality are core concerns from the beginning of the development process. Ultimately, this more holistic approach may be the key to mitigating the risks and harms caused by cybercrime.
*Marcelo Duarte is Systems Development Leader at ADD Value
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies