What is the State of Software Security in These Crazy Times?

Right now, the cyber world is thick with COVID-19-related sales pitches. Many are spot on, like multi-factor authentication, while others stretch the boundaries of credibility.

What about us? Is there something about the problem we are solving, about software security, that makes it more of an imperative than it was three months ago? Is it possible our mission is more critical now than ever before? The answer is yes and no.

Let’s start with “no.”

Our work as the first providers of risk-based vulnerability orchestration has always been critical. And a global pandemic doesn’t change that. Few things on the CISO to-do list should be more important than finding, prioritizing and quickly remediating known vulnerabilities in applications and infrastructure.

Zero-day attacks make good copy and even better cocktail conversation. But the vast majority of cyberattacks don’t use them. Less than 10%, according to most of what you read. Less than 1%, according to people who know what they’re talking about. The other 99%? They exploit known vulnerabilities, which is why organizations need to focus on the basics of proactive software security now, just as they did a few months ago. Nothing has changed.

The second and equally important fact to consider is this: digital transformation is reshaping business and consumer behavior. Applications are spreading like wildfire. Software is proliferating, and it’s arguably the fastest-growing attack surface around the globe. As organizations continue to deliver innovation through software, they must make it secure. It has to be trusted. This is true now, just as it was three months ago.

Has the pandemic made our work more critical than ever? Perhaps not, but nothing has made it less significant, either. Software security is a must. It’s not an option in any environment. Nothing about the pandemic has made delivering trusted software less critical.

And on the “yes” side of the argument…

Our approach to solving the vulnerability challenge remains unique and compelling. ZeroNorth can deliver better vulnerability discovery, prioritization and targeted remediation than anyone else. Anyone.

Great discovery means implementing multiple scanning tools to “see the whole elephant.” It means simplifying the tool onboarding process and automating and orchestrating the execution of scans. It means linking vulnerabilities to potential business impact. It means compressing results into “units of developer work” that provide the information needed to make smart decisions on how to address vulnerabilities. And it means enabling organizations to do this quickly and with fewer resources.

In some ways, nothing has changed.

I will never make the argument that the pandemic has created a greater need for our solution; it’s always been a critical need. It was before, it is now and it will be in the future. Nothing here has changed. What has changed is that ZeroNorth has a new, innovative approach that provides our customers with a truly “better, faster, cheaper” solution, which is precisely what companies are looking for, especially now. This is our unique advantage.

Stay safe. Stay healthy. Family first.


*** This is a Security Bloggers Network syndicated blog from Blog | ZeroNorth authored by John Worrall. Read the original post at: https://www.zeronorth.io/blog/what-is-the-state-of-software-security-in-these-crazy-times/