"Flaws Fixed Incorrectly, as Secure Coding Education Lags"
Research conducted by HackEDU, a provider of interactive cybersecurity training and secure code development courses for software engineers, attributes code fixing failures to a lack of formal training. According to feedback gathered mostly from security, development, and compliance leaders, more than 50 percent of developers are not trained in secure coding practices. The study drew on data from assessments, lessons, challenges, and vulnerability reports from HackEDU customers and students. Vulnerabilities stemming from broken access control and broken object-level authorization have proven to be the most challenging to fix, while fixes for command injection and SQL injection vulnerabilities are often found to be incorrect. HackEDU emphasizes the importance of educating developers on secure coding practices, as doing so would help ensure these flaws are reduced or eliminated. To properly address harder-to-fix vulnerabilities, developers must understand the fundamentals; memorizing syntax or a framework and then applying it as a patch is not enough. This article continues to discuss HackEDU's findings on the lack of formal training in secure coding among developers, the types of vulnerabilities often fixed incorrectly, and the importance of improving education for developers on secure coding practices.
SC Media reports "Flaws Fixed Incorrectly, as Secure Coding Education Lags"