Veracode , a global leader in application risk management, announced its latest platform innovations designed to help organizations identify, prioritize and reduce security debt across their growing attack surface. Two new capabilities in Longbow powered by Veracode, Universal Connector and Application Security Heatmap, enable organizations to quickly connect findings from any source and correlate them with the applications at greatest risk. Together, Universal Connector and Application Security Heatmap provide a clear, actionable view of assets and their issues, enabling prioritization of remediation efforts based on quantifiable risk.
“ A growing security debt, an expanding attack surface made more vulnerable by generative AI, and an overwhelming volume of security alerts are making it increasingly difficult for organizations to know which application risks to prioritize,” said Chris Eng, Chief Research Officer at Veracode . “ In fact, our State of Software Security research shows that many organizations are focusing more on fixing low-severity flaws than critical vulnerabilities. Security leaders need technology that allows them to effectively discover and manage application risk, then reduce it by focusing on the most important issues across the entire attack surface.”
Security Debt Priorities: Critical and Non-Critical
In its State of Software Security 2024 Language Snapshot, Veracode revealed the presence of several “critical” and “non-critical” security debts among applications written in different languages. Critical security debt is defined in this report as a high-severity flaw that remains unfixed for more than one year. If exploited, these vulnerabilities would seriously jeopardize the integrity and availability of organizations.
Also Read: 360 Advanced & Compyl Forge Alliance for Cybersecurity Boost
While the majority of security debt is in first-party code written by developers working within organizations, Veracode research found that the most critical security debt resides in third-party code, such as open source software used as the basis for product code. For example, 80 percent of critical debt in Java applications and 63 percent in JavaScript applications resides in third-party code. The report also found that approximately 51 percent of critical flaws in Java applications result in security debt, while only 45 percent of low-to-medium level flaws result in security debt.
“ With the overwhelming amount of security flaws, developers are not prioritizing the ones that pose the greatest risk. While focusing on non-critical vulnerabilities may yield some quick fixes, developers should use their limited capabilities to work on fixing critical flaws with the highest potential security impact,” adds Chris Eng.
Visibility and Priority First: Universal Connector and Application Security Heatmap
Following Veracode’s acquisition of Longbow Security last April and the introduction of Longbow’s Repo Risk Visibility and Analysis capability in May, the Universal Connector and Application Security Heatmap were designed with developer time in mind. The capabilities provide operational oversight to help developers and security teams quickly identify and prioritize the most important fixes for the growing security debt in their applications.
Universal Connector enables organizations to quickly access security-relevant data from multiple sources that otherwise cannot be easily integrated into the Longbow platform, without having to develop a specific connector. The Application Security Heatmap maps the application in detail down to the individual developers (including third-party developers) who developed each component, shows a risk trend over the previous 90 days, and allows customization of the acceptable risk threshold to meet the organization’s specific criteria. Application security teams and developers can analyze each application, visualize the risk distribution, and implement the top 5 “Best Next Action™” recommendations to remediate that risk.
“ As organizations seek to identify and resolve mounting security debt, there is a clear need for risk-centric visibility and prioritization,” said Derek Maki, Vice President of Product Management at Veracode . “ The new capabilities in the Longbow platform provide our customers with a deeper understanding of an organization’s riskiest applications, as well as the unique ability to identify the five most impactful solutions for improving their security posture.”
SOURCE: Businesswire