State of Software Security v11: The Most Common Security Flaws in Apps
For our annual State of Software Security report, we always look at the most common types of security flaws found in applications. It's important to look at the various types of flaws present in applications so that application security (AppSec) teams can make decisions about how to address and fix ...
Government and Education Have the Highest Percentage of Apps With Security Flaws
It's been a stressful year, to say the least, for the government and education sector. Government organizations were challenged with pivoting their operations to a digital model while schools were forced to decide between hybrid or remote learning programs for their students. The rise of digital operations has made application ...
Nature vs. Nurture Tip 2: Scan Frequently and Consistently
In our first blog in this series, Nature vs. Nurture Tip 1: Using SAST With DAST, we discussed how this year's State of Software Security (SOSS) report looked at how both "nature" and "nurture" contribute to the time it takes to close out a security flaw. We found that the ...
Nature vs. Nurture Tip 1: Use DAST With SAST
When conducting research for this year's State of Software Security report, we looked at how "nature" and "nurture" contribute to the time it takes to close out a security flaw. For the "nature" side, we looked at attributes that we cannot change, like application size or age. For "nurture," we ...
State of Software Security v11: How to Use the Findings
As a security professional reading through version 11 of our State of Software Security (SOSS) report, the first statistic that probably stands out to you is that 76 percent of applications have security flaws. It's encouraging to see that only 24 percent of those security flaws are high-severity, but ultimately, ...
In the Financial Services Industry, 74% of Apps Have Security Flaws
Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11 (SOSS) report found that the financial services industry has the smallest ...
New PCI Regulations Indicate the Need for AppSec Throughout the SDLC
Last year, the PCI Security Standards Council published the PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure SLC) Standard as a part of a new PCI Software Security Framework (SSF), also referred to as PCI S3. The SSF offers objective-focused security best practices that outline what a ...
A Software Security Checklist Based on the Most Effective AppSec Programs
Veracode's Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based ...
5 Lessons About Software Security for Cybersecurity Awareness Month
October is cybersecurity awareness month, and this year, the overarching theme is "Do Your Part. #BeCyberSmart." When considering what "cybersmart" means in application security, we realized we unearthed some data this year that made us a little cybersmarter and could help other security professionals and developers increase their AppSec smarts ...
96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws
Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But – shockingly – less than half of these organizations ...
