MacTech.com

Many organizations knowingly push vulnerable software

Veracode and Enterprise Strategy Group (ESG) have unveiled research that finds nearly half of organizations regularly and knowingly ship vulnerable code despite using application security tools. 

Among the top reasons cited for pushing vulnerable code were pressure to meet release deadlines (54%) and finding vulnerabilities too late in the software development lifecycle (45%). Respondents said that the lack of developer knowledge to mitigate issues and lack of integration between AppSec tools were two of the top challenges they face with implementing DevSecOps. However, nearly nine of ten companies said they would invest further in AppSec this year.

The Modern Application Development Security research, conducted by ESG and sponsored by Veracode, sheds light on how AppSec practices and tools are intersecting with emerging development methods and creating new priorities such as reducing open source risk and API testing.

Chris Wysopal, chief technology officer at Veracode, said that among the key findings of the report:

According to ESG, the most effective AppSec programs report the following as some of the critical components of their program:
