Flaws found in nearly a third of applications on the first scan
January 11, 2023 – Published on SC Magazine
Veracode on Wednesday reported that 32% of applications have flaws at their first scan, and that by the time they have been in production for five years, nearly 70% contain at least one security flaw.
With heightened focus on software bills of materials (SBOMs) over the past year, Veracode’s research team also examined 30,000 open-source repositories publicly hosted on GitHub, finding that 10% of repositories hadn’t had a commit — a change to the source code — for almost six years.
Kristen Bell, director, application security at GuidePoint Security, said the 10% number illustrates the downside of enabling developers to freely use open-source code within their applications. Currently, Bell said, security teams are chasing vulnerabilities within their repositories, looking for whatever has been introduced into the environment by developers.
“Instead, organizations should adopt a process for open-source components to be vetted prior to being approved for use,” said Bell. “In essence, this is not that different from the third-party vendor management process many security teams already have in place as part of their technology procurement process.”
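As an added example of the kind of pre-approval gate Bell describes (this is not Veracode's or GuidePoint's tooling), the script below reads a CycloneDX-style SBOM and flags components whose upstream repository has gone without a commit for longer than a chosen threshold, using the article's roughly five-to-six-year figure as the default. It assumes a hypothetical custom component property, "upstream:last-commit", holding the ISO-8601 date of the newest commit on the component's source repository; CycloneDX does not standardise such a field, so whatever generates the SBOM would have to populate it. The SBOM fragment is constructed for the example. Components with no recorded date are reported as "unknown" rather than silently passing, since a component whose provenance cannot be established has not been vetted either.

```python
"""Flag SBOM components whose upstream repository looks abandoned.

Added example, not the tooling of Veracode, GuidePoint or any SBOM project.
Assumes each component may carry a hypothetical custom property
"upstream:last-commit" with the ISO-8601 date of its newest upstream commit.
"""
import json
from datetime import date

LAST_COMMIT_PROPERTY = "upstream:last-commit"  # hypothetical property name

# Constructed sample SBOM fragment; the component names and dates are invented.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "fast-yaml", "version": "2.1.0",
         "properties": [{"name": LAST_COMMIT_PROPERTY, "value": "2022-11-03"}]},
        {"name": "legacy-xml", "version": "0.9.4",
         "properties": [{"name": LAST_COMMIT_PROPERTY, "value": "2017-02-19"}]},
        {"name": "mystery-lib", "version": "1.0.0",
         "properties": []},  # no provenance recorded at all
    ],
})


def last_commit_date(component):
    """Return the upstream last-commit date for a component, or None if absent."""
    for prop in component.get("properties", []):
        if prop.get("name") == LAST_COMMIT_PROPERTY:
            return date.fromisoformat(prop["value"])
    return None


def classify(component, as_of, max_idle_days):
    """Classify one component as 'active', 'stale' or 'unknown'.

    'unknown' is deliberately distinct from 'active': a missing date means the
    component could not be vetted, not that it passed.
    """
    last = last_commit_date(component)
    if last is None:
        return "unknown"
    idle_days = (as_of - last).days
    return "stale" if idle_days > max_idle_days else "active"


def vet_sbom(sbom_json, as_of, max_idle_days=5 * 365):
    """Map each component name to its classification as of the given ISO date."""
    sbom = json.loads(sbom_json)
    as_of_date = date.fromisoformat(as_of)
    return {
        component["name"]: classify(component, as_of_date, max_idle_days)
        for component in sbom.get("components", [])
    }


def needs_review(sbom_json, as_of, max_idle_days=5 * 365):
    """Names of components that should not be approved without human review."""
    verdicts = vet_sbom(sbom_json, as_of, max_idle_days)
    return sorted(name for name, verdict in verdicts.items() if verdict != "active")


if __name__ == "__main__":
    # Evaluate the constructed SBOM as of the article's publication date.
    for name, verdict in vet_sbom(SAMPLE_SBOM, "2023-01-11").items():
        print(f"{name}: {verdict}")
```

The threshold is a policy choice, not a vulnerability signal on its own: an abandoned library is not necessarily exploitable, but nobody will ship a fix if it is, which is why the gate belongs before approval rather than in post-hoc vulnerability chasing.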