1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Huge amounts of apps are developing security flaws in their first

    From TechnologyDaily@1337:1/100 to All on Fri Jan 13 10:15:03 2023
    Huge amounts of apps are developing security flaws in their first year

    Date:
    Fri, 13 Jan 2023 10:00:00 +0000

    Description:
    Frequent and varied scanning helps app devs minimize the chances of major trouble down the road.

    FULL STORY ======================================================================

    In their first year of existence, a third of apps (32%) carry security flaws, and by the age of five, this number grows to more than two-thirds (70%), new research has found.

    A new report from Veracode found businesses need to scan for flaws early, often, and in various ways, in order to minimize the chances of severe issues down the road.

    The company analyzed more than three-quarters of a million applications
    across commercial software suppliers, software outsourcers, and open-source projects, finding that after the initial introduction of flaws, the apps usually enter a honeymoon period of stability - almost 80% dont introduce any new flaws for the first year and a half. Costly mistakes

    After that, some devs start getting sloppy again, with the number of new
    flaws being introduced to the code climbing to roughly 35% after five years.

    Ignoring to address security flaws early could result in huge costs down the road, Veracode says, citing recent reports that claim an average data breach now costs $4.35 million.

    Instead, developers should do a number of things to reduce the probability of flaw introduction, including developer training, and the use of multiple scan types - scanning via API included. Read more

    A worrying amount of apps found to have high-severity security flaws


    Open source code flaws may lead to a new Heartbleed


    Check out the best endpoint protection software today

    The frequency of scans is also an important factor, the company added. Furthermore, they should tackle technical and security debt as early and as quickly as possible, prioritize automation and developer security training, and establish an application lifecycle management protocol that incorporates change management, resource allocation, and organizational controls.

    Using a software composition analysis (SCA) solution that leverages multiple sources for flaws, beyond the National Vulnerability Database, will give advance warning to teams once a vulnerability is disclosed and enable them to implement safeguards more quickly, hopefully before exploitation begins, said Chris Eng, Chief Research Officer at Veracode.

    Setting organizational policies around vulnerability detection and management is also recommended, as well as considering ways to reduce third-party dependencies. These are the best malware removal tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/huge-amounts-of-apps-are-developing-security-fl aws-in-their-first-year


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)