Why don’t developers have a ‘spellchecker’ for security’?

/ Computerworld, CSO / October 31, 2016

Despite all the news coverage about successful cyberattacks, developers are still writing code full of security vulnerabilities.Of course, nobody is perfect. We all make mistakes, and as software projects get more and more complex, it can be easy to mix potential problems.

But that doesn’t explain why so much software is full of the most basic errors.

According to a report released this month by Veracode, 61 percent of all internally-developed applications failed a basic test of compliance with the OWASP Top 10 list on their first pass. And commercially developed software did even worse, with a 75 percent failure rate.

These are basic, well-known problems, like SQL injections and cross-site scripting.

Read full article at CSO magazine.

Article also reprinted in Computerworld.

About The Author

Maria Korolov

Maria Korolov is editor and publisher of Hypergrid Business. She has been a journalist for more than twenty years and has worked for the Chicago Tribune, Reuters, and Computerworld and has reported from over a dozen countries, including Russia and China.

About The Author

Maria Korolov

Related Posts