The importance – and pressure -- of developing and managing secure code aren't lost on today's software vendors. As clouds have drifted into the mainstream, mobility and apps have become pervasive, and user expectations around functionality have grown, the need to deliver updates, patches and improvements on a regular and ongoing basis has skyrocketed. Many software providers now find it necessary to issue a new release on a weekly, daily or even multi-daily schedule. Operating within an Agile or DevOps framework is no longer the exception -- it's an expectation.

At the same time, the challenges surrounding quality coding and reducing vulnerabilities haven't diminished – in fact the need for application security has grown with the proliferation of apps. Attacks on the application layer are growing at a rate of about 25 percent per year.  In addition, nearly three out of four applications produced by software firms and SaaS suppliers fail the OWASP Top 10 when initially assessed.  Not only do these vulnerabilities translate into greater risk for customers – who ultimately pay the price for a breach or breakdown as a result of third-party code – but they introduce risk for the software vendor. When customers lose trust and confidence in a vendor, they're far more likely to change course and decide to do business with another software providers competitor.

Fortunately, development speed and application security are not mutually exclusive concepts. Software vendors that build an application security platform based on automation can take software quality and security to a new and better level. What's more, they can accommodate changes in business or regulatory environments more rapidly. Although it's impossible to avoid all coding vulnerabilities – particularly in today's tumultuous malware and hacking environments – it’s entirely possible to use static and dynamic scanning and other methods to spot vulnerabilities sooner rather than later, maintain code libraries more effectively, and remove much of the burden from already busy and often resistant developers.

View the full guide to boosting security without compromising development speed.

About Jessica Lavery

Jessica is part of the content team at Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro, and Sophos where she held roles in corporate communication and marketing.

Comments (0)

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.