"Why Organizations Push Vulnerable Code in Their Application Security Program"

A new report from Synopsys, titled "Modern Application Development Security," reveals that 48% of organizations intentionally push vulnerable code in their application security programs. According to the report, organizations push vulnerable code because of critical deadlines, because they perceive the vulnerabilities as low-risk, or because the vulnerabilities were discovered too late in the development cycle to be resolved in time. When vulnerable code is pushed due to time pressures, organizations often plan to remediate in a later release. Organizations are encouraged to shift application security left in the development process to resolve problems prior to delivery. Development teams should also be provided with ongoing training and tools that support secure coding without impacting the speed at which they operate. This article continues to discuss why organizations knowingly push vulnerable code, the result of this decision, how application security should be approached, and other key findings from the report.

CISO MAG reports "Why Organizations Push Vulnerable Code in Their Application Security Program"
