Serviceteam IT Security News

Nearly half (48%) of organizations regularly push vulnerable code into production due to time pressures, while 31% do so occasionally, according to a new report published by Synopsys entitled Modern Application Development Security.

As a result, 60% have reported production applications being exploited through OWASP Top 10 vulnerabilities in the past 12 months.

This is despite the fact most organizations believe their security programs are very good, with an average rating of 7.92 out of 10 given by 378 IT, cybersecurity and application development professionals surveyed by the Enterprise Strategy Group (ESG). More than two-thirds (69%) rated their security program as eight or above.

The study was commissioned to look at the convergence of application security tools, which is becoming increasingly complex, with 72% of organizations stating that they now utilize more than 10 of these tools.

As such, it was found that 43% of organizations believe that DevOps integration is the most important aspect of improving application security programs. Yet 23% of respondents said that poor integration with development/DevOps tools is a common challenge to achieving this, while 26% identified difficulty or lack of integration between different application security vendor tools.

Dave Gruber, senior ESG analyst, said: “DevSecOps has moved security front and center in the world of modern development; however, security and development teams are driven by different metrics, making objective alignment challenging.”

The biggest challenge highlighted was developers' lack of knowledge about how to mitigate the issues identified (29%). This suggests that developer security training is currently insufficient: 35% of organizations revealed that less than half of their development teams are participating in formal training.

Speaking to Infosecurity, Patrick Carey, director of product marketing at Synopsys, commented: “As high velocity application development continues to grow in popularity through methodologies such as DevOps, it is critically important to ensure that security is considered throughout the software development lifecycle.

“That way, if the decision is consciously made to push vulnerable code due to time pressures, critical and high-risk vulnerabilities will have been resolved beforehand. By educating organizations on how to apply a holistic software security program and guiding them in their journey to implement DevSecOps cultures, we’ll see the prevalence of knowingly pushing vulnerable code drop. Enabling developers with security tools and training resources that in no way slow down their momentum is a highly beneficial step in that process.”

Source: Infosecurity Magazine
