Rapid AI-driven development makes security unattainable, warns Veracode
Report claims more vulnerabilities created than fixed as remediation gap widens
Veracode has published its annual State of Software Security report, based on data from 1.6 million applications tested on its cloud platform. It finds that more vulnerabilities are being created than fixed, and that high-velocity, AI-assisted development is putting comprehensive security out of reach.
The company defines security debt as “known vulnerabilities left unresolved for more than a year” and reckons this now affects 82 percent of companies, up from 74 percent a year ago. High-risk vulnerabilities, meaning flaws that are both severe and likely to be exploited, have risen from 8.3 percent to 11.3 percent of findings. The figures combine static analysis (analyzing the source code), dynamic analysis (testing runtime behavior), software composition analysis (examining third-party components such as library dependencies), and manual penetration testing.
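The two metrics defined above, security debt (an open finding older than a year) and high-risk flaws (severe and likely to be exploited), are simple enough to compute over any scanner export. The following is an added example, not code from Veracode or from the report, that applies those definitions to a small constructed set of findings; the field names (`severity`, `likely_exploited`, `first_seen`, `resolved`) and the sample data are assumptions, not the report's own schema.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Iterable

SECURITY_DEBT_DAYS = 365          # "unresolved for more than a year"
SEVERE = {"critical", "high"}     # assumed mapping of "severe" to severity labels


@dataclass
class Finding:
    app: str                      # application the finding belongs to
    severity: str                 # e.g. "critical", "high", "medium", "low"
    likely_exploited: bool        # e.g. known-exploited or high EPSS (assumed field)
    first_seen: date              # date the scanner first reported it
    resolved: Optional[date] = None  # None while still open


def is_open(f: Finding, as_of: date) -> bool:
    return f.resolved is None or f.resolved > as_of


def is_security_debt(f: Finding, as_of: date) -> bool:
    """Open and older than SECURITY_DEBT_DAYS on the reference date."""
    return is_open(f, as_of) and (as_of - f.first_seen).days > SECURITY_DEBT_DAYS


def is_high_risk(f: Finding) -> bool:
    """Severe AND likely to be exploited, per the report's definition."""
    return f.severity in SEVERE and f.likely_exploited


def summarize(findings: Iterable[Finding], as_of: date) -> dict:
    findings = list(findings)
    apps = {f.app for f in findings}                       # inventory = every app with any finding
    open_findings = [f for f in findings if is_open(f, as_of)]
    apps_with_open = {f.app for f in open_findings}
    apps_with_debt = {f.app for f in open_findings if is_security_debt(f, as_of)}
    high_risk_open = [f for f in open_findings if is_high_risk(f)]

    def pct(part: int, whole: int) -> float:
        return round(100.0 * part / whole, 1) if whole else 0.0

    return {
        "apps": len(apps),
        "open_findings": len(open_findings),
        "pct_apps_with_open_flaws": pct(len(apps_with_open), len(apps)),
        "pct_apps_with_security_debt": pct(len(apps_with_debt), len(apps)),
        "pct_open_findings_high_risk": pct(len(high_risk_open), len(open_findings)),
    }


# Constructed sample data for illustration only.
AS_OF = date(2025, 1, 1)
SAMPLE_FINDINGS = [
    Finding("billing", "high", True, date(2023, 6, 1)),                       # debt + high-risk
    Finding("billing", "low", False, date(2024, 11, 1)),                      # recent, low
    Finding("portal", "medium", True, date(2023, 1, 15)),                     # debt, not severe
    Finding("api", "high", True, date(2023, 3, 1), resolved=date(2024, 2, 1)),  # fixed
    Finding("api", "high", False, date(2024, 9, 1)),                          # severe but unlikely exploited
    Finding("reports", "critical", True, date(2023, 1, 1), resolved=date(2023, 12, 31)),  # fixed
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FINDINGS, AS_OF).items():
        print(f"{key}: {value}")
```

On the sample data the security-debt share is 50 percent of applications (two of four carry an open finding older than a year) and one of the four open findings is high-risk. The useful check is to run the same function on two exports a quarter apart: if the debt percentage rises while the open count falls, old findings are being left behind rather than fixed, which is the pattern the report describes.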
There is also some good news. The share of applications with open source vulnerabilities has fallen from 70 percent to 62 percent, and overall “flaw prevalence” (the share of applications with at least one flaw) is down from 80 percent to 78 percent.