https://community.isc2.org/t5/Tech-Talk/State-of-Software-Security-Report/m-p/34422#M2524 <P>Earth shattering news from Veracode today in its <A href="https://info.veracode.com/report-state-of-software-security-volume-10.html?utm_source=idg&amp;utm_medium=digital-ad&amp;utm_campaign=VER012T000000sarjQAA&amp;utm_term=playlist-brandpost&amp;utm_content=soss-v10" target="_blank" rel="noopener">State Software Security Report Volume 10</A>: <STRONG>Apps are insecure!</STRONG></P><P>&nbsp;</P><UL><LI>83 percent of applications have at least one flaw in their initial scan</LI><LI>68 percent of developers say their organizations don't provide training in application security</LI><LI>Newly found security flaws are prioritized over older flaws</LI></UL><P>The bottom line: <STRONG>application security debt</STRONG> is piling up! Do your part to reduce technical debt, sponsor a bug fixit week for your organization. Make your next sprint security focused.</P> Mon, 09 Oct 2023 09:29:22 GMT AppDefects 2023-10-09T09:29:22Z https://community.isc2.org/t5/Tech-Talk/State-of-Software-Security-Report/m-p/34422#M2524 <P>Earth shattering news from Veracode today in its <A href="https://info.veracode.com/report-state-of-software-security-volume-10.html?utm_source=idg&amp;utm_medium=digital-ad&amp;utm_campaign=VER012T000000sarjQAA&amp;utm_term=playlist-brandpost&amp;utm_content=soss-v10" target="_blank" rel="noopener">State Software Security Report Volume 10</A>: <STRONG>Apps are insecure!</STRONG></P><P>&nbsp;</P><UL><LI>83 percent of applications have at least one flaw in their initial scan</LI><LI>68 percent of developers say their organizations don't provide training in application security</LI><LI>Newly found security flaws are prioritized over older flaws</LI></UL><P>The bottom line: <STRONG>application security debt</STRONG> is piling up! Do your part to reduce technical debt, sponsor a bug fixit week for your organization. Make your next sprint security focused.</P> Mon, 09 Oct 2023 09:29:22 GMT https://community.isc2.org/t5/Tech-Talk/State-of-Software-Security-Report/m-p/34422#M2524 AppDefects 2023-10-09T09:29:22Z https://community.isc2.org/t5/Tech-Talk/State-of-Software-Security-Report/m-p/34434#M2528 <P>Also look to provide app scanning as part of your vulnerability management process.</P><P>Institute measures to offer app scanning at multiple points in the process, In Development, Pre-production, and Post-Production. Create a process where developers can ask for ad-hoc/on demand scans. Look to add value to your security department by providing a service that helps both departments.</P><P>&nbsp;</P><P>Too often I see a vulnerability management program that only does vulnerability scanning on endpoints or servers but forgets to include applications or farms it out to a third-party once every three or more years.&nbsp;</P> Fri, 03 Apr 2020 11:54:45 GMT https://community.isc2.org/t5/Tech-Talk/State-of-Software-Security-Report/m-p/34434#M2528 CISOScott 2020-04-03T11:54:45Z