Vulnerability Prioritization Tops Security Pros' Challenges

Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.

When it comes to addressing their backlog of unfixed security issues, many software development organizations are facing an uphill battle. One reason is the proliferation of automated security tools. Adopting automated solutions helps developers and security teams shift testing left and eliminate time-consuming manual processes, and it's a welcome component of the DevSecOps approach. It also requires teams to address a new set of challenges. One major challenge is a long and exhausting list of security alerts that demands organizations find a way to efficiently prioritize vulnerabilities.


Security Professionals' Top Challenge: Prioritization

WhiteSource recently surveyed more than 560 application security professionals and software developers for its "DevSecOps Insights Report." When asked about their biggest challenges in implementing and running an application security program, security professionals' resounding answer, at 41%, was vulnerability prioritization.




Source: WhiteSource



This should come as no surprise to anyone working in software development. Software development organizations are using more application security tools than ever before and from the earliest stages of development. Most are on top of detection, but that's only the first step. Next comes prioritization: Once you've detected the security issues, how can you make sure you are addressing the most critical issues first?


Vulnerability Prioritization: A Work in Progress?

While prioritization is essential for organizations that want to get ahead of their backlog, they are still struggling to formulate a standardized prioritization process. Even though vulnerability prioritization rated very high on application security professionals' list of top challenges, the WhiteSource survey found that most s ..
