We recently published the 9th volume of our State of Software Security (SoSS) report, and although there are some bright spots, the overall state of software security remains a work in progress. Nowhere is this more true than in Europe. In separate research conducted earlier this year, we found that organizations in Europe are very aware of and concerned about application security. A staggering 94 percent of IDG/Veracode survey respondents agree it’s important to assess the application security capabilities of the vendors and partners from whom they procure software and applications. But at the same time, AppSec programs at most European organizations are not as mature as those in the Americas. In fact, our SoSS data found that European companies lagged significantly behind the average at every milepost of the flaw persistence intervals (how long security-related defects remain in code before being fixed). It took more than double the average time for European organizations to close out three quarters of their open vulnerabilities. Troublingly, 25 percent of vulnerabilities persisted more than two-and-a-half years after discovery.
With shifting development models, and cyberattacks on the rise, addressing this problem and developing an application security program can feel overwhelming for many organizations. But we’ve been doing this for 10+ years, and we know what works, what doesn’t, and what it takes to build a mature, effective program over time. Two important parts of that process are creating security champions, and establishing a game plan for securely using open source. And those are two of the topics we’ll be tackling at Black Hat Europe next month.
Please stop by Booth 402 to meet the team and see the powerful Veracode application security solution in action. In addition, don’t miss the Veracode sessions:
- The State of Software Security: Looking at Europe: Paul Farrington, Director, Solutions Architecture, Veracode, Wednesday, December 5, 10:15am
- The Truth About Open Source: How Third-Party Libraries Can Introduce Risks: Chris Wysopal, Chief Technology Officer, Veracode, Wednesday, December 5, 11:25am
- SDL at Scale: Growing Security Champions: Ryan O’Boyle, Product Security Architect, Veracode, Wednesday, December 5, 10:30am
We look forward to seeing you there!