‘What are the odds someone will find and exploit this?’ Nice one — you just released an insecure app
2021-06-25 10:01

"Security teams not having faith in the SDLC, struggling to shift left when applications are vulnerable in production, misaligned investment in empowering developers on security and lack of effective training."

Erez Yalon, head of security research at Checkmarx, agreed that developers who are aware of an existing vulnerability often lack the education or experience needed to truly understand its severity.

"Unless security is viewed as a feature, it will be viewed as a tax," according to Tim Mackey, Principal Security Strategist at the Synopsys CyRC. The cycle of application insecurity is exacerbated by the shift over the last decade towards component-driven development.

"In 2021," according to GitLab's research, "more than 70 per cent of security professionals reported their teams have moved security considerations earlier into the development. That's up from 65 per cent last year," Loveless said.

"The ultimate accountability should rest with what I am calling CISO 2.0 - one who takes an approach of building a collaborative security culture instead of playing the blame game, building a security team that has the subject matter expertise as well as a facilitative mindset, creating a scalable security program that incorporates rapid-response as well as systematic improvements to the state of security in the organisation."

"Long-term, the inherent security of application development frameworks needs to continue to evolve to the point where it is increasingly difficult to introduce a security flaw."
News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/25/application_vulnerability_epidemic/