Hardly any attention despite WannaCry & Co.
According to a study by CA Veracode, conducted by Vanson Bourne, only 52% of developers update their commercial or open source components when a new security vulnerability is published. This once again highlights the lack of security awareness among companies and exposes them to the risk of security leaks.
Software development processes such as DevSecOps have helped to improve the security of developers' code. However, these same development processes also emphasize speed and efficiency to keep up with business demands. As a result, developers are relying on components that borrow features and functions from existing projects and libraries. The study shows that 83 percent of respondents use either commercial or open source components, with an average of 73 components per application.
These components increase developer efficiency, and their use is considered best practice. However, they also carry inherent security risks. On average, 71 vulnerabilities were identified per application that can be traced back to such components. Nevertheless, only 23 percent of respondents stated that they test components for vulnerabilities with every release. This may be due to the fact that only 71 percent of companies have a formal application security (AppSec) program in place.
In addition, only 53 percent of organizations maintain an inventory of all components in their applications. And according to the 2017 State of Software Security Report (SoSS), less than 28 percent of organizations perform regular composition analysis to track components.
"We know that developers care about writing not only good code, but secure code," says Pete Chestna, Director of Developer Engagement, CA Veracode. "But they can't do that without the right tools. When we provide them with these tools, they can integrate the security of the components they use directly into their development process. As a result, we see a significant improvement in secure software development."
The study also shows that development (44 percent) or security teams (31 percent) are most likely to be responsible for maintaining third-party commercial and open source components. This suggests that responsibility is increasingly being transferred to the development team. As awareness of open source risk continues to grow, providing solutions, training and transparency to mitigate risk is becoming an important component of the Modern Software Factory development approach.
The full study, produced in collaboration with Vanson Bourne, can be found here.