Kev lag luam kev noj qab haus huv yog ua ntej ntawm nws lub sijhawm los txiav txim siab software kev ruaj ntseg qhov tsis zoo

Veracode, tus thawj coj thoob ntiaj teb ntawm daim ntawv thov kev ntsuam xyuas kev nyab xeeb kev daws teeb meem, hnub no qhia tias kev lag luam kev noj qab haus huv yog thawj zaug ntawm kev faib ua feem ntawm software kev ruaj ntseg tsis zoo, tsom mus rau 27%. Cov haujlwm tau tshaj tawm cov kev pabcuam nyiaj txiag raws li kev ua tau zoo tshaj plaws, qhia tau tias cov kws kho mob tau ua tiav zoo rau kev nce kev ruaj ntseg ntawm lawv cov software xyoo dhau los.

Cov ntaub ntawv tau tshaj tawm nyob rau hauv lub tuam txhab txhua xyoo State of Software Security (SoSS) tsab ntawv ceeb toom v12, qhov tshwm sim ntawm kev soj ntsuam ntawm 20 lab scans thoob plaws ib nrab lab daim ntawv thov thoob plaws kev noj qab haus huv, nyiaj txiag, thev naus laus zis, kev tsim khoom, kev faib tawm thiab tsoomfwv.

Chris Eng, Tus Thawj Saib Xyuas Kev Tshawb Fawb ntawm Veracode, tau hais tias: "Kev kho mob yog ib qho ntawm cov kev tswj hwm zoo tshaj plaws thiab raug suav tias yog ib qho tseem ceeb ntawm tsoomfwv. Yog li ntawd nws yog qhov txhawb kom pom tus cwj pwm zoo no nyob rau hauv cov nqe lus ntawm kev kho qhov tsis zoo. Peb cia siab tias cov neeg tsim khoom thiab cov neeg ua haujlwm IT hauv kev lag luam kev noj qab haus huv pom tias nws yog qhov zoo siab tos txais hauv lub ntiaj teb kev ruaj ntseg software, uas feem ntau tsis muaj kev txhawb nqa. Tseem muaj txoj haujlwm yuav tsum tau ua, yog li peb cia siab tias yuav txhim kho ntxiv rau xyoo tom ntej ”.

Txawm hais tias thawj qhov chaw ua tiav ua tsaug rau qhov feem pua ​​​​ntawm qhov tsis muaj peev xwm, 77% ntawm cov ntawv thov hauv kev kho mob raug rau cov teeb meem no, nrog rau qib loj hauv 21% ntawm cov neeg mob. Lub lag luam tseem muaj chaw txaus rau kev txhim kho nyob rau hauv cov nqe lus ntawm lub sij hawm siv kho qhov tsis zoo tom qab lawv tshawb pom, nrog staggering 447 hnub kom ncav cuag qhov nruab nrab ntawm kev kho.

Cov nqi cuam tshuam nrog kev ua txhaum cai ntawm kev noj qab haus huv yog qhov siab tshaj

Raws li cov tuam txhab saib xyuas kev noj qab haus huv ntsib tus nqi nruab nrab siab tshaj plaws ntawm kev ua txhaum cai, uas ntaus cov ntaub ntawv tshiab ntawm US $ 10,1 lab *, nws yog ib qho tseem ceeb uas yuav tsum tau ua cov kauj ruam kom txo tau qhov kev pheej hmoo ntawm cyberattacks. Raws li cov ntaub ntawv ua txhaum cai hauv kev lag luam uas muaj kev tswj hwm zoo yuav cuam tshuam nrog cov nqi mus sij hawm ntev dua, uas suav nrog ntau xyoo, ntu no tuaj yeem tau txais txiaj ntsig ntxiv los ntawm kev sib koom ua ke ntau dua los daws kev ruaj ntseg txij thaum pib.

Nyob rau hauv 6 sectors soj ntsuam, kev noj qab haus huv sector yog qhov kawg ntawm cov feem ntawm cov ntawv thov nrog vulnerabilities ntawm txhua yam, thiab yog nyob rau hauv lub thib ob qhov chaw kawg nyob rau hauv cov nqe lus ntawm cov feem pua ​​ntawm cov vulnerabilities nrog ib tug siab ntawm qhov hnyav, soj ntsuam los ntawm lub hauv paus. txaus ntshai heev rau daim ntawv thov thiab lub koom haum thaum muaj kev ua txhaum cai tiag tiag. Thaum nws los txog rau hom kev ua txhaum cai uas tau pom los ntawm kev txheeb xyuas daim ntawv thov kev lag luam hauv kev lag luam, cov kws kho mob tau qhab nia zoo ntawm cov teeb meem kev lees paub thiab tsis muaj kev ruaj ntseg piv rau lwm ntu, tab sis yuav raug teeb meem ntau dua ntawm cov teeb meem authentication encryption thiab deployment configuration.

Chris Eng commented:

"Peb paub tias tsis muaj daim ntawv thov yuav muaj kev ruaj ntseg 100% tiv thaiv kev ruaj ntseg tsis zoo, yog li nws yog ib qho tseem ceeb uas cov tuam txhab lag luam yuav tsum ua txhua yam tsim nyog los txo cov kev pheej hmoo ntau li ntau tau; qhov no suav nrog kev txheeb xyuas cov haujlwm ntawm qhov nrawm thiab tsis tu ncua, nrog rau ntau hom kev sim, kev sib koom ua ke ntawm cov cuab yeej xeem rau hauv ib puag ncig kev txhim kho, thiab kev cob qhia tes los pab cov neeg tsim khoom nkag siab txog qhov muaj peev xwm thiab kho lawv, lossis zam lawv tag nrho. Kev noj qab haus huv tseem yuav tsum tau tsom tshwj xeeb rau qhov tseem ceeb uas yuav tsum tau muab rau cov kev tsis txaus ntseeg tseem ceeb, cov uas tuaj yeem ua rau muaj kev puas tsuaj loj yog tias lawv tsis tau hais txog ntev dhau ”.

Andrew McCall, Tus Lwm Thawj Coj ntawm Engineering ntawm Azalea Health Innovations, tau hais tias: "Qhov teeb meem loj tshaj plaws los tsim kev ruaj ntseg hauv peb cov kev ua haujlwm yog tias cov neeg tsim khoom kho qhov no raws li cov khoom siv yooj yim zoo li lwm yam, thaum nws yog cov txheej txheem txuas ntxiv, uas yuav tsum yog ib txwm ua. qhov tseem ceeb thoob plaws lub software txhim kho lifecycle. Peb xaiv Veracode vim nws yog qhov yooj yim tshaj plaws thiab zoo tshaj plaws kev daws teeb meem rau kev koom ua ke rau hauv peb cov txheej txheem uas twb muaj lawm ".

Qib kev ruaj ntseg ntawm cov tsev qiv ntawv thib peb

Ua raws li kev nce qib hauv cov cai tiv thaiv cov khoom siv software xyoo tas los, daim ntawv tshaj tawm tau txheeb xyuas cov tsev qiv ntawv thib peb los txheeb xyuas tus cwj pwm ntawm qhov tsis zoo uas tau pom los ntawm kev txheeb xyuas software (SCA). Nyob rau hauv tag nrho, kwv yees li 30% ntawm cov tsev qiv ntawv yooj yim tseem muaj kev cuam tshuam tom qab ob xyoos, tab sis cov txheeb cais tau txo mus rau 25% hauv cov ntaub ntawv kev noj qab haus huv. Qhov tseeb tiag, thaum lub ntiaj teb feem pua ​​​​ntawm cov tsev qiv ntawv raug cuam tshuam los ntawm SCA nyiam poob qis tsis tu ncua raws sijhawm, kev kho mob tau ntsib qhov luv luv ua ntej txo qis ntawm qhov feem pua, kwv yees li xyoo tas los.

Hais txog Lub Xeev ntawm Software Security Report

Daim ntawv tshaj tawm Veracode State of Software Security (SoSS) v12 tau txheeb xyuas cov ntaub ntawv keeb kwm los ntawm Veracode cov kev pabcuam thiab cov neeg siv khoom. Nyob rau hauv tag nrho, cov no yog ntau tshaj li ib nrab lab daim ntawv thov (592.720) uas txhua hom kev tshuaj ntsuam tau siv, ntau tshaj ib lab dynamic analytical scans (10.34.855), tshaj tsib lab static analytical scans (5.137.882) thiab tshaj 18 lab analytical scans ntawm muaj pes tsawg leeg ntawm cov software (18.473.203). Tag nrho cov kev soj ntsuam no tau tsim 42 lab cov txiaj ntsig zoo li qub, 3,5 lab cov txiaj ntsig tsis zoo, thiab 6 lab cov txiaj ntsig SCA nyoos.

Cov ntaub ntawv sawv cev rau cov tuam txhab loj thiab me, cov neeg muag khoom software lag luam, cov neeg muag khoom software sab nraud, thiab cov phiaj xwm qhib. Hauv kev txheeb xyuas feem ntau, ib daim ntawv thov raug suav tsuas yog ib zaug xwb, txawm hais tias nws tau xa ob peb zaug los kho nws qhov tsis zoo thiab cov ntawv tshiab tau raug xa tawm.

Cov ntaub ntawv hais txog Veracode

Veracode yog tus thawj coj AppSec tus khub rau kev tsim software ruaj ntseg, txo qhov kev pheej hmoo ntawm kev ua txhaum cai kev nyab xeeb, thiab ua kom muaj kev ruaj ntseg thiab txhim kho pab pawg ua haujlwm tau zoo. Cov tuam txhab uas vam khom rau Veracode, yog li ntawd, tuaj yeem txhawb nqa lawv txoj kev lag luam thiab txav mus rau lub ntiaj teb mus tom ntej. Los ntawm kev sib txuas cov txheej txheem automation, kev sib koom ua ke, nrawm, thiab kev ua haujlwm, Veracode pab cov koom haum tau txais qhov tseeb, txhim khu kev qha kom lawv tuaj yeem tsom lawv cov kev siv zog rau kev kho, tsis yog nrhiav, muaj peev xwm ua tau.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode yog ib lub cim lag luam sau npe ntawm Veracode, Inc. hauv Tebchaws Meskas thiab tseem tuaj yeem xa mus rau lwm qhov chaw txiav txim. Tag nrho lwm cov npe khoom lag luam, cov cim lag luam lossis cov cim npe yog rau lawv cov tswv. Tag nrho lwm cov cim lag luam tau hais hauv xov xwm tshaj tawm no yog cov cuab yeej ntawm lawv cov tswv.