Security News

"It is no longer sufficient to scan software as a pre-production step in the last phase of the software development lifecycle. Just as software is now deployed continuously, scanning using a variety of testing tools must also happen continuously as a fully integrated part of the process," said Chris Wysopal, CTO at Veracode. Continuous security testing using multiple scanning types is fast becoming the norm as organizations recognize the need to analyze the software they build across multiple dimensions.

One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they're building as part of the automated development lifecycle, rather than relying on security or ops teams configuring policies for them after they are built. With low code applications, developers can save time otherwise spent on learning security standards and policies in detail and spend more of their time on the core business.

Code review remains the biggest influence on improving code quality with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and remaining remote, a tool-based code review process offers the best advantage, as indicated by 80% of satisfied respondents.

Satori shared its predictions for the near future of cloud-based transformation, detailing three major developments to watch for in the world of data governance and operational security over the course of 2022. With more data being moved to the cloud, new opportunities arise, as data can be easily connected with various cloud-based services, including BI, analytics and AI, ultimately delivering richer insights for data scientists, analysts and business users.

Serverless is revolutionizing software development, allowing organizations to produce applications which consume cloud resources only when they need to. So it might come as a shock that while 70 per cent of respondents to the State of Serverless Application Security Report have six or more teams working on serverless development, they are also building up a worrying "Serverless security debt".

A Censuswide report reveals the biggest security challenges that application security managers and software developers are facing within their organizations in today's threat landscape. Despite multiple breaches in the last year due to vulnerable applications, 81% of developers remained confident in their ability to build a secure product, showcasing a commitment to selecting the proper tools to protect their organizations.

The report also assesses the technologies, capabilities, and anticipated communications and computing solutions beyond 5G. The report provides analysis for leading 5G and edge computing supported applications and services along with forecasting from 2021 to 2025, and in some cases, through 2030. The combination of 5G and edge computing will lead a revolution in application development.

The stamp the administration plans to introduce to allow the public and the government to determine if the software was developed securely may cause developers to re-examine their environments and improve the overall security standard of applications. Software development security is everyone's responsibility.

Mobile application security is about delivering leakage-free, vulnerability-free, tamper-proof and self-protecting mobile apps. Mobile applications' time-to-market is rushed by urgent business needs and their conception is not conducted as thoroughly as developers and security teams would want.

VMware announced findings from a study on the relationship between IT, security, and development teams as organizations adopt a zero trust security model. Organizations where security and development teams have a positive relationship can accelerate the software development lifecycle five business days faster than those without - demonstrating how speed to market and competitive advantage are at stake here.