Businesses knowingly deploy vulnerable applications due to time pressures

Many businesses are being forced to deploy vulnerable applications due to time pressures and economic considerations, creating a wealth of opportunity for cybercriminals, new research has warned.

According to a report from silicon design firm Synopsys based on a survey of cybersecurity and development professionals, nearly half (48 percent) of businesses knowingly push vulnerable code to production in order to meet deadlines.

As a result, the majority have also fallen victim to production application exploits involving OWASP Top 10 vulnerabilities in the past twelve months. 

Despite this alarming trend, most respondents still described their application security program as effective; the majority (69%) rated their current program an eight out of ten or higher.

“DevSecOps has moved security front and center in the world of modern development. However, security and development teams are driven by different metrics, making objective alignment challenging,” said Dave Gruber, Senior Analyst at ESG, the analyst house commissioned to conduct the research.

“This is further exacerbated by the fact that most security teams lack an understanding of modern application development practices. The move to microservices-driven architectures and the use of containers and serverless architectures has shifted the dynamics of how developers build, test and deploy code.”

In a bid to better align the development process with cybersecurity requirements, a large proportion of businesses are planning to increase spend on application security. More than 51% have plans for significant spending increases over the next twelve months, while 44% plan to funnel application security investment towards cloud.
