Firms skip security reviews of major app updates about half the time

Cyber security workers review major updates to software applications only 54 percent of the time, according to a poll of tech managers.
Twenty-two percent of respondents confessed they did a security review under half of the time, and the same percentage claimed to have reviewed code 50 to 74 percent of the time.
Only 19 percent said a security review took less than a day, while 46 percent estimated one to three days were needed.
Based on this, CrowdStrike calculated the average yearly cost of security reviews at nearly $1.2 million.
Even when doing the same math, but with the median number of reviews per week and employees per review, the annual expenditure for code reviews was $188k.
There doesn't seem to be a single root cause as to why security reviews are so time- and money-consuming; it comes down to a variety of factors.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/07/18/security_review_failure/