
04/06/2018

Many organizations are using third-party components to speed up software development. But these components need to be rigorously inventoried and managed properly. 
 
To ensure that software components are being used safely, security analysis needs to be an essential part of the development and procurement processes. However, research conducted by CA Veracode reveals that nearly half of programmers (48%) do not update open source or commercial solutions when a security vulnerability is disclosed. This and other data highlight organizations' lack of security awareness, which puts them at risk of a breach.
 
The study also points out that, regarding IT methodologies, companies are now more likely to use DevOps (41%), followed by agile methods (33%), with only a small minority (13%) using the waterfall model. This suggests a move away from more traditional methods and towards DevOps. “Security must be integrated into DevOps – leaving security until the end of the process is no longer enough. The key to the success of a DevOps infrastructure is the integration of security within it”, warns CA Veracode.
 
"If organizations don't start tracking components and vulnerabilities more carefully, they will continue to operate insecurely and are likely to be caught sooner or later," says the study, which highlights a company needs to prioritize the security of its software and partner with a reputable security solutions provider to ward off threats.
 
To read the full CA Veracode survey, click here.
 
Also get to know the ABES Audited Code Certificate service.
 
