Security News

Wabbi published new research with IDG that finds companies utilizing continuous security have decreased vulnerabilities by 50%. The study focused on the integration of development and security, as well as the benefits of continuous security. The importance of security integration within the SDLC is clear: 98% of respondents place high importance on integrating security throughout the development lifecycle, yet only 15% report that security is always integrated from the beginning of the development lifecycle.

Cloudreach released data highlighting the latest cloud technology trends, underscoring the impact the cloud skills gap is having on businesses. Multi-cloud capabilities, cloud system development, and cloud governance were the top three areas most impacted by the skills gap, according to respondents.

The report shows that the most successful engineering teams routinely meet four key benchmarks. By setting up a robust test suite, you can confidently rely on your tooling no matter the time of year, allowing teams to thrive and innovate even when team members are out of office.

Checkmarx released the UK findings of its report, which found that 45% of organizations have suffered at least two security breaches as a direct result of a vulnerable application. Alongside this, the report discovered that 34% of UK organizations that had experienced a security breach relating to an application in the year preceding the survey have laid off employees seen as bearing responsibility.

Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. The botnet - not to be confused with a 2008 botnet of the same name - is perpetuated using SmokeLoader, which chiefly acts as a loader for next-stage malware, allowing it to quickly scale in size and expand its network.

"It is no longer sufficient to scan software as a pre-production step in the last phase of the software development lifecycle. Just as software is now deployed continuously, scanning using a variety of testing tools must also happen continuously as a fully integrated part of the process," said Chris Wysopal, CTO at Veracode. Continuous security testing using multiple scanning types is fast becoming the norm as organizations recognize the need to analyze the software they build across multiple dimensions.

One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they're building as part of the automated development lifecycle, rather than relying on security or ops teams configuring policies for them after they are built. With low-code applications, developers can save time otherwise spent on learning security standards and policies in detail and spend more of their time on the core business.

Code review remains the biggest influence on improving code quality with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and remaining remote, a tool-based code review process offers the best advantage, as indicated by 80% of satisfied respondents.

Satori shared its predictions for the near future of cloud-based transformation, detailing three major developments to watch for in the world of data governance and operational security over the course of 2022. With more data being moved to the cloud, new opportunities arise, as data can be easily connected with various cloud-based services, including BI, analytics and AI, ultimately delivering richer insights for data scientists, analysts and business users.

Serverless is revolutionizing software development, allowing organizations to produce applications which consume cloud resources only when they need to. So it might come as a shock that while 70 per cent of respondents to the State of Serverless Application Security Report have six or more teams working on serverless development, they are also building up a worrying "Serverless security debt".