Even with a stronger focus on security this year, most software is still riddled with security vulnerabilities. According to Veracode’s State of Software Security (SOSS) report, 87.5 percent of Java applications, 92 percent of C++ applications, and 85.7 percent of .NET applications contain at least one vulnerability. In addition, over 13 percent of applications contain at least one critical vulnerability.
“Our annual SOSS data puts hard evidence on the table to explain why so many security professionals experience anxiety when they think about application security (AppSec),” the report stated.
Read more about the findings of the Veracode report on SD Times.
92 percent of organizations struggle to implement security into the entire DevOps process despite most saying they want to do so – a staggering capability gap exposed in the new, global data report commissioned by Checkmarx.
The study spotlights the biggest barriers to securing software today depending on where organizations sit on the DevOps maturity curve. Report findings are based on online survey input from 183 respondents worldwide, the majority of whom hold software development, IT and security professional titles.
It’s hardly a controversial statement to say that DevOps is changing the way that organizations build and deploy applications. There are plenty of materials, stories, whitepapers and whole companies that demonstrate this trend. There are, however, a couple of things that make a discussion about security and DevOps important.
First, while there are a lot of organizations that have adopted DevOps tools and processes, there are many, many more that haven’t. In other words, DevOps is still fundamentally an early-stage technological movement. The second reason is that DevOps is set to transform security, and no one is quite sure what that means, though there are a lot of opinions on the topic.
Read why Tim Erlin, VP of Product Management & Strategy at Tripwire, believes that any DevSecOps discussion should start by looking at the pervasive industry problems, and learn what these problems are, on Tripwire.
As the DevOps movement goes mainstream, IT security leaders have one of the best opportunities in a generation to significantly move the needle on protecting against cybersecurity risk across the entire IT stack.
DevOps’ emphasis on cross-functional teaming, incremental improvements, and continuous delivery of software makes it the perfect model to finally integrate security directly into the IT delivery rather than tacking it on as an afterthought.
Read about six ways in which DevOps stands to boost security practices on DarkReading.
One might consider the firewall the most significant invention in cybersecurity in the last 30 years. The firewall has certainly evolved since its inception in 1988 and was recently upgraded to the next-generation firewall (NGFW). While NGFW is certainly part of the cybersecurity stack, it is no longer revolutionizing the way we protect our critical business assets.
Today’s cybersecurity strategies have been disrupted by two new models: the Zero Trust model and DevSecOps.
Read more about Zero Trust DevSecOps to learn why Nicolas Chaillan, former Special Advisor for Cybersecurity at DHS, believes that these two models have disrupted today’s cybersecurity strategies, on Forbes.