Early this morning we released our annual State of Software Security Report (SoSS). The report includes the latest research on software vulnerability trends as well as predictions on how these flaws could be exploited if left unaddressed and what this may mean for organizations’ security professionals.
Average CISO Tenure Continues to Decline: The expansive threat profile associated with software means the likelihood of a CISO being negatively affected by a high-impact security event has never been greater.
The Rise of the Everyday Hacker: A simple Google search for “SQL injection hack” provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities. The ready availability of this information makes it possible for less technically skilled hackers to take advantage of this common flaw.
Decreased Job Satisfaction/Higher Turnover for Security Professionals: Companies face a seemingly ever-expanding threat profile brought on by new applications and application updates containing easy-to-exploit flaws such as SQL injection (26% of all 2012 reported breaches according to Trustwave), which creates a very frustrating work environment for security professionals.
Default Encryption, Not "Opt-in," Will Become the Norm in Mobile: There is a staggering amount of transmitted data at risk, considering the growth of open (i.e., easily eavesdropped) Wi-Fi networks in combination with the number of social network users (Facebook 1.2B; Twitter 190M tweets/day) and the number of mobile devices.
But this insight into a daunting landscape also provides opportunity. Each of our predictions is accompanied by recommendations on how to tackle these challenging trends. (Find them in the full report!) With deliberate strategies to remediate coding flaws, improve SDLC processes and protect your valuable data, we can alter the course we're on and change the future. We want the readers of this report to leverage the data to build a business case for an application security program at their organization.
"As you read this report I urge you to consider your organization’s application portfolio and how you currently make decisions about the risks your organization is willing to take. The amount of risk an organization takes should be a strategic business decision—not the aftermath of a particular development project." - Chris Wysopal
Neil is a Marketing Technologist working on the Content and Corporate teams at Veracode. He currently focuses on Developer Awareness through strategic content creation. In his spare time you'll find him doting over his lovely wife and daughter. He is a Co-Owner of CrossFit Amoskeag in Bedford NH, his favorite topic is artificial intelligence, and his favorite food is pepperoni pizza.