Eng adds that developers may be focused on getting things done as quickly as possible, so they fix bugs with the fewest lines of code first. With this approach, a developer can fix more bugs in a day than if they were to focus on critical issues, which may be more difficult and time-consuming to fix.
Source: Veracode report "State of Software Security 2024: Addressing the Threat of Security Debt"
Security debt is common among all types of applications.
The large volume of security flaws that developers have to fix is one of the main issues highlighted in the report.
According to Veracode, in a typical organization, one in three applications contains security debt. Not surprisingly, large legacy applications have the most debt.
Security debt arises from unfixed defects in both in-house code (63% of apps) and third-party libraries (70%). However, third-party code takes 50% longer to fix.
Keys to Reducing Security Debt
The report makes several recommendations to address security debt, including:
Prioritizing the elimination of critical, highly serious defects that are more than 1 year old; although they make up only 3% of all defects, they pose the greatest risk.
Integrating scanning and testing into the entire software development lifecycle.
Moving to continuous defect elimination to fix defects faster.
Improving developers' security competencies through hands-on training.
The report found that security