
Early this morning we released our annual State of Software Security Report (SoSS). The report includes the latest research on software vulnerability trends as well as predictions on how these flaws could be exploited if left unaddressed and what this may mean for organizations’ security professionals.

SoSS Predictions

  • Average CISO Tenure Continues to Decline: The expansive threat profile associated with software means the likelihood of CISOs being negatively affected by a high-impact security event has never been greater.
  • The Rise of the Everyday Hacker: A simple Google search for “SQL injection hack” provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities. The ready availability of this information makes it possible for less technically skilled hackers to take advantage of this common flaw.
  • Decreased Job Satisfaction/Higher Turnover for Security Professionals: Companies face a seemingly ever-expanding threat profile brought on by new applications and application updates containing easy-to-exploit flaws such as SQL injection (26% of all 2012 reported breaches according to Trustwave), creating a very frustrating work environment for security professionals.
  • Default Encryption, Not "Opt-in," Will Become the Norm in Mobile: There is a staggering amount of transmitted data at risk, considering the growth of open (i.e. easy to eavesdrop) Wi-Fi networks in combination with the number of social network users (Facebook 1.2B; Twitter 190M tweets/day) and the number of mobile devices.

But this insight into a daunting landscape also provides opportunity. Each of our predictions is accompanied by recommendations on how to tackle these challenging trends. (Find them in the full report!) With deliberate strategies to remediate coding flaws, improve SDLC processes and protect your valuable data, we can alter the course we're on and change the future. We want the readers of this report to leverage the data to build a business case for an application security program at their organization.

"As you read this report I urge you to consider your organization’s application portfolio and how you currently make decisions about the risks your organization is willing to take. The amount of risk an organization takes should be a strategic business decision—not the aftermath of a particular development project." - Chris Wysopal

About Neil DuPaul

Neil manages the blog pipeline at Veracode, often by fending off eager contributors with a stick. He manages much of the Veracode web presence while also motivating the more introspective Veracoders to be social. Lover of sports and outdoors, and a SERP enthusiast, hit him up on Twitter here.
