Despite most organizations knowing that the majority of cyberattacks are aimed at the application level, applications remain alarmingly vulnerable. That’s one of the major takeaways from the 2022 “Software Vulnerability Snapshot” report by the Black Duck Cybersecurity Research Center. That report, based on nearly 4,400 intrusive tests on more than 2,700 software components or systems, found that 95% of applications had at least one vulnerability or misconfiguration, and 25% of the vulnerabilities found were high or critical risk.
The findings confirm that building better software is crucial. If applications aren’t secure, it doesn’t matter what they do, how much fun they are, or how many bells and whistles they have, because they can put you and your customers at risk.
In this episode of AppSec Decoded—the first of two conversations on the report—Chai Bhat, security solutions manager with Black Duck, discusses this and other major takeaways with security advocate Taylor Armerding.
They include the need to understand how malicious hackers are likely to attack, the need to conduct a full spectrum of security testing—both automated and manual—throughout the software development life cycle, and how to manage your software supply chain with the help of a software bill of materials (SBOM).