Many major app code changes lack security reviews

SecurityWeek reports that organizations have been conducting complete security reviews on only 54% of major application code changes. Forty-four percent of organizations across the U.S. said that less than half of code changes are being subjected to security reviews, compared with 34% that noted reviewing more than 75% of code modifications, according to a report from CrowdStrike. Such limited evaluation of major code changes has been attributed to the time needed to conduct reviews, elevated costs, and complications brought on by the use of numerous programming languages in daily deployments. The use of various vulnerability detection tools has also presented challenges in consolidating alerts and prioritizing remediation efforts, the report revealed.

"Organizations must rethink their approach to application security. Relying on manual processes slows down security and drives up cost. Traditional security reviews are time-consuming and costly. Security teams juggle multiple individual security tools and even with those tools, many share the common challenge of prioritizing which issues to fix first," said CrowdStrike.
