Security News > 2024 > February > 36% of code generated by GitHub CoPilot contains security flaws

There is good news, however: high-severity security flaws in applications have decreased by half since 2016, indicating progress in software security practices and that speed of remediation has a material impact on critical security debt.

The report reveals development teams that fix flaws the fastest reduce critical security debt by 75%-from 22.4% of applications to just over 5%. Moreover, these fast-acting teams are four times less likely to let critical security debt materialize in their applications in the first place.

"While we continue to see improvements in the security landscape, these findings are a wake-up call for organizations to address their security debt head-on. By prioritizing flaw remediation, focusing on third-party code security, and adopting efficient development practices, organizations can significantly reduce their security debt and enhance the overall state of software security across the board," said Chris Eng, Chief Research Officer at Veracode.

Eng said, "Despite the speed and efficiency AI brings to software development, it does not necessarily produce code that's secure. Research has shown that 36% of code generated by GitHub CoPilot contains security flaws."

New era of software security with AI. The research also found remediation capacity among teams to be constrained, with only 64% of applications having a remediation capacity that's sufficient to eliminate critical security debt.

"AI also paves the way for a new frontier in software security by empowering organizations to scale remediation efforts and more easily address the long backlog of security debt, as well as new flaws that emerge," Eng concluded.

News URL

https://www.helpnetsecurity.com/2024/02/20/applications-security-debt/