/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Takeaways From Veracode's State of Software Security Report [Podcast]

DZone's Guide to

Takeaways From Veracode's State of Software Security Report [Podcast]

This year's Veracode State of Software Security report explored security flaws in Java apps, a lack of fixes for security flaws in general, and the benefits of coaching.

by
·
Oct. 23, 17 · Security Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Veracode just published its latest “State of Software Security” report, get it here. Based on Veracode Platform data, these “SoSS” reports have been offering a goldmine of intelligence about how organizations are approaching AppSec since 2011. This year’s report is no different. Evan Schuman recently sat down with Veracode’s Director of Product Management Tim Jarrett to discuss the findings emerging from the latest report, and what they reveal about where organizations are seeing success securing their code, and where they’re not. For instance, they discuss:

  • Why this year’s report found that a very high percentage (88%) of Java applications had at least one flaw in a component.
  • Why the 2017 report found that, although organizations are wisely going after their most severe vulnerabilities first, we only see a fix rate of 37% for these severe flaws.
  • The fact that remediation coaching improved fix rates by 88%, and why this strategy has such a big impact.

Listen to this discussion to hear more about the 2017 “State of Software Security” report and what the findings reveal about application security today. 

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Like This Article? Read More From DZone

SAP Java Secure Storage
When it Comes to Application Security, 'Doing Your Homework' Matters
Threat Stack: Streamlined Workflows (Part 1)

Free DZone Refcard

Blockchain and Distributed Ledger Technology for Documents
DOWNLOAD
Topics:
security ,java security ,vulnerabilities ,software security

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Security Partner Resources

Find out how to Secure your applications with Point and Click protection.
Open Source: Fact vs Fiction
Open Source Security in 2018 - Trends to Act On
Scan Java, NuGet, and NPM packages for open source vulnerabilities
What is the Deserialization vulnerability and what are the challenges in providing a solution
Learn how to Patch faster than attackers can find you

Security Partner Resources

Find out how to Secure your applications with Point and Click protection.
Open Source: Fact vs Fiction
Open Source Security in 2018 - Trends to Act On
Scan Java, NuGet, and NPM packages for open source vulnerabilities

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone