Application security is top of mind now more than ever. For more than a decade, Veracode has examined increasing amounts of code as it passes through its source code vulnerability scanning service. During this period, automation has become increasingly prevalent, making it easier to run scans more frequently and regularly. But has automation helped? Is the software we create more secure? We gain key insights about this in Veracode’s The State of Software Security Report X (10th edition).
Chris Eng, Chief Research Officer at Veracode, joins us on DevOps Chats. We talk about many insights uncovered in the latest report, such as that 50% of applications are accruing security debt over time, that the regularity of scanning correlates to vulnerability fix times, and that scanning frequency directly impacts security debt.
There is a wealth of information in the report, and you can get a jump on the key findings on this podcast episode with Chris. Download the full report at https://www.veracode.com/state-of-software-security-report.