Businesses being forced to deploy vulnerable applications

Get a free Techzine subscription!

According to new research, many businesses are being forced to deploy apps with vulnerabilities because of time and economic pressure. The deployments have created many opportunities for cybercriminals to thrive.

Synopsys, a silicon design firm, did the survey which found that cybersecurity and development professionals in 48% of businesses, knowingly release vulnerable code into production. They do this to beat deadlines, even though there are loopholes attackers can exploit. 

Because of this, many of the businesses have become victims of production application exploits that involve OWASP Top 10 vulnerabilities.

Companies don’t think they are failing

Even with this trend, many of the survey’s respondents describe their app security as effective. About 69% rated their security programs at 8/10 or higher.

DevSecOps is now at the frontline of modern development. The security and development teams do not necessarily use the same metric, which makes it hard to align objectives. Dave Gruber, the senior analyst at ESG, was commissioned to conduct the research.

He states that the problems get even worse because most of the security teams fail to understand modern app development practices. Because of shifts to micro service-driven architecture, containers, and serverless architecture, things have changed in how developers create, test and deploy their code.

Spend more on app security

To align development processes and security, many of the businesses are planning to spend more on app security. About 51% of the businesses surveyed, plan to increase their expenditure on app security over the next 12 months.

44% plan to shift their app security investments to the cloud. In an age where work is increasingly happening outside traditional company firewalls, it is imperative that more companies work on integrating development and security teams.

If there can be a cohesive pipeline to ensure that the end goal is achieved with minimal vulnerabilities, then the process can become more reliable.