They knowingly send vulnerable code despite using AppSec tools

14/08/2020 10:58 by Anastasis Vasileiadis

Nearly half of organizations regularly and knowingly ship vulnerable code, despite using AppSec tools, according to Veracode.

Among the top reasons cited for pushing vulnerable code were the pressure to meet release deadlines (54%) and finding vulnerabilities too late in the software development lifecycle (45%).

Respondents said that developers' lack of knowledge about how to mitigate issues and the lack of integration between AppSec tools were two of the top challenges they face with DevSecOps. However, almost nine out of ten companies said they would invest further in AppSec this year.

Software development is evolving

The research sheds light on how AppSec practices and tools intersect with emerging development methods and create new priorities, such as open source risk reduction and API testing.

"The software development landscape today is evolving at a rapid pace. Gadget-based architecture, containers, and cloud applications are changing the dynamics of how developers create, test, and develop code. Without better testing, integration and regular training of developers, organizations will face significant breaches," said Chris Wysopal, CTO at Veracode.

Important findings

  • 60% of organizations report that production applications were exploited through OWASP Top 10 vulnerabilities in the last 12 months. Similarly, 7 out of 10 applications have a security flaw in an open source library on the initial scan.
  • Developers' lack of knowledge about how to mitigate issues is the biggest challenge for AppSec. 53% of organizations provide security training for developers only once a year or less. The data show that the 1% of applications with the highest scan frequency carry about five times less security cost, or unresolved defects, than less frequently scanned applications, which means that frequent scans help developers find and fix bugs and significantly reduce the risk to their organization.
  • 43% cited DevOps integration as the most important aspect of improving AppSec.
  • 84% report challenges due to too many AppSec tools, which makes DevOps integration difficult. 43% of companies report using between 11 and 20 AppSec tools, while 22% said they use between 21 and 50.

According to ESG, the most effective AppSec programs list the following as some of the critical elements:

  • Application security is highly integrated into the CI/CD toolchain
  • Continuous, customized AppSec training for developers
  • Tracking of continuous-improvement metrics within individual development teams
  • AppSec best practices are shared by development managers
  • Use analytics to track the progress of AppSec programs and provide data management