Over the past 10 years, the world has seen application security awareness grow in leaps and bound. With the increased awareness, the messaging around application security has been shifting toward maturing an existing AppSec program.
But even though messaging is evolving, many of the core problems organizations are trying to solve today aren’t that far removed from the problems that surfaced 10 years ago. In State of Software Security v1, Veracode concluded that “Most software is indeed very insecure.” “We could use that same statement in Volume 10,” the report states.
However, there are some positive AppSec signs in 2019. Organizations are increasingly focused on not just finding security vulnerabilities, but fixing them, and prioritizing the flaws that put them most at risk. Though vulnerabilities are introduced as part of the development process, the data suggests that finding and fixing vulnerabilities is becoming just as much a part of the process as improving functionality.