Study finds DevSecOps a ‘ strategic priority ’ for 2023
Enterprise IT productivity is being drained by a massive backlog of vulnerabilities that teams have neither the time nor the resources to tackle effectively.
The State of Vulnerability Management in DevSecOps report highlighted that 47% of security leaders have a backlog of applications that have been identified as vulnerable. Two-thirds of respondents said their backlog consists of more than 100,000 vulnerabilities, while the average number of vulnerabilities in backlogs overall is a mindboggling 1.1 million, according to the data.
“This is a significant loss of time and dollars spent just trying to get through the massive vulnerability backlogs that organisations possess,” said Liran Tancman, CEO of Rezilion. “If you have more than 100,000 vulnerabilities in a backlog and consider the number of minutes that are spent manually detecting, prioritising, and remediating these vulnerabilities, that represents thousands of hours spent on vulnerability backlog management each year. These numbers make it clear that it is impossible to effectively manage a backlog without the proper tools to automate detection, prioritisation, and remediation.”
Expensive hours are lost trying to wrangle massive backlogs on both the production and development side of software applications. The survey found that 77% of respondents said it takes longer than 21 minutes to detect, prioritise, and remediate just one vulnerability in production.
“The key to clearing vulnerability backlogs is to have a true correlation of alerts coming from all of the various scans performed,” comments Gates. “Everyone knows security tests return lots of results, but without correlation, developers end up solving issues that aren’t critical, while potentially overlooking ones that are. Correlation of scan results is imperative and, by the way, aggregation is not correlation.”
In a recent survey conducted by the Neustar International Security Council (NISC), 93% of participating information technology and security professionals reported that DevSecOps would be a significant budgeting priority in the coming year, with 55% emphasising that it would be a very significant priority within their organisation.
technologymagazine.com 121