AppDefects
Community Champion

State of Software Security Report

Earth-shattering news from Veracode today in its State of Software Security Report Volume 10: Apps are insecure!

 

  • 83 percent of applications have at least one flaw in their initial scan
  • 68 percent of developers say their organizations don't provide training in application security
  • Newly found security flaws are prioritized over older flaws

The bottom line: application security debt is piling up! Do your part to reduce technical debt: sponsor a bug fixit week for your organization. Make your next sprint security focused.

1 Reply
CISOScott
Community Champion

Also look to provide app scanning as part of your vulnerability management process.

Institute measures to offer app scanning at multiple points in the process: in development, pre-production, and post-production. Create a process where developers can ask for ad-hoc/on-demand scans. Look to add value to your security department by providing a service that helps both departments.

 

Too often I see a vulnerability management program that only does vulnerability scanning on endpoints or servers but forgets to include applications, or farms it out to a third party once every three or more years.