Security News > 2020 > March > Chris Eng: Patch Management Challenges Drive ‘Security Debt’
Companies are lagging when it comes to keeping up with software security patches - causing them to fall into "Security debt," Chris Eng, chief research officer with Veracode said.
"If you incorporate security in the right way, DevOps is actually a great opportunity to improve the way that you're doing software security. And so I think that's the big takeaway," said Eng.
A lot of companies are struggling with the security debt for these applications that they may have been building for many years, and just kind of pushing the security vulnerabilities off to the side.
CE: I think, really, the takeaway for us is, you know, there's been a lot of tension, I think, between DevOps and security in the past, there's a notion that, well, DevOps is trying to move so quickly, and how can they possibly do that? Because where will the security happen? Right? And so some security professionals that haven't really kind of caught onto how DevOps is working are a little bit afraid of what that's going to do to the safety of their software.
So if you incorporate security in the right way, DevOps is actually a great opportunity to improve the way that you're doing software security.
News URL
https://threatpost.com/chris-eng-patch-management-challenges-drive-security-debt/153471/
Related news
- Audit finds notable security gaps in FBI's storage media management (source)
- Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Businesses turn to private AI for enhanced security and data management (source)