Despite Major Vulnerability Disclosures Like WannaCry, New Research Finds that Open Source Components Fail to Receive Suitabl...
10 April 2018 - 3:00PM
CA Veracode, part of CA Technologies' (NASDAQ:CA) industry-leading
security portfolio, today released new data that shines a light on
the discrepancy between component security and hygiene. According
to the research conducted with Vanson Bourne, only 52 percent of
developers using commercial or open source components in their
applications update those components when a new security
vulnerability is announced. This highlights organizations’
lack of security awareness and puts organizations at risk of a
breach.
Software development processes like DevSecOps have helped
improve the security of the code developers write. However, these
same development processes value speed and efficiency to keep up
with the demands of the application economy. As a result,
developers rely on components that borrow features and
functionality from existing projects and libraries. The research
shows that 83 percent of respondents use either or both commercial
and open source components, with an average of 73 components being
used per application.
While components boost developers’ efficiency, and their use is
considered a best practice, these components come with inherent
security risks. Despite finding an average of 71 vulnerabilities
per application introduced through the use of third-party
components, only 23 percent of respondents reported testing for
vulnerabilities in components at every release. This may be a
result of only 71 percent of organizations reporting that they have a
formal application security (AppSec) program in place.
What’s more, only 53 percent of organizations keep an inventory
of all components in their applications. According to The State of
Software Security Report 2017 (SOSS), fewer than 28 percent of
companies conduct regular composition analysis to understand which
components are built into their applications.
“We know that developers care about creating great code, and
that means creating secure code,” said Pete Chestna, director of
developer engagement, CA Veracode. “In order to be successful,
developers need to have clarity on the security policy and the
tools to measure against it. When the goal is clear and we give
developers access to those tools, they are able to integrate
scanning earlier into the SDLC and make informed decisions that
take security into consideration. Through this, we see a marked
improvement in secure software development and the resulting
outcomes.”
This report shows that development (44 percent) or security (31
percent) teams are most likely to be responsible for the
maintenance of third-party commercial and open source components,
which suggests a shift of responsibility toward the development
team. As awareness of open source risk continues to grow,
providing developers with the solutions, education and visibility
to mitigate risk becomes a critical component of the Modern
Software Factory approach to development, which helps to build
better, more secure apps faster.
To read the full research report conducted in conjunction with
Vanson Bourne, click here.
To learn more about CA Veracode’s Software Composition Analysis
solution, click here.
Methodology
CA Veracode commissioned Vanson Bourne to survey 400 application
developers from the U.S. (200 respondents), UK (100 respondents),
and Germany (100 respondents) to understand the maturity of
organizations’ component security. Polling was conducted online in
February of 2018.
About CA Veracode
Veracode, CA Technologies' application security business, is a
leader in helping organizations secure the software that powers
their world. Veracode’s SaaS platform and integrated solutions help
security teams and software developers find and fix
security-related defects at all points in the software development
lifecycle, before they can be exploited by hackers. Our complete
set of offerings helps customers reduce the risk of data breaches,
increase the speed of secure software delivery, meet compliance
requirements, and cost-effectively secure their software assets,
whether that’s software they make, buy or sell. Veracode serves over
a thousand customers across a wide range of industries, including
nearly one-third of the Fortune 100, three of the top four U.S.
commercial banks and more than 20 of Forbes’ 100 Most Valuable
Brands. Learn more at www.veracode.com, on the Veracode blog, on
Twitter and in the CA Veracode Community.
Legal notice
Copyright © 2018 Veracode, Inc. All rights reserved. All other brand
names, product names, or trademarks belong to their respective
holders.
Media Contact:
Laura Paine, Veracode, lpaine@veracode.com, Phone: 339-674-1535
Megan Grasty, Highwire for Veracode (U.S.), megan@highwirepr.com,
Phone: 415-963-4174 ext. 26
Kate Baldwin, Hotwire for CA Veracode (UK & EMEA),
Kate.Baldwin@hotwireglobal.com, Phone: +44 (0) 207 608 4677