The State of Software Security Volume 9 highlights that the sheer volume of open flaws within enterprise applications is too staggering to tackle at once, which means that organizations need to find effective ways to prioritize which flaws they fix first. While many organizations are doing a good job of prioritizing by flaw severity, this year's data shows that they’re not effectively considering other risk factors, such as the criticality of the application or the exploitability of flaws. One school of thought is that application security practitioners need to step in to help developers prioritize their fixes most effectively. In this quick take video, Chris Eng looks at the security practitioner’s role in releasing secure software.
To learn more and read the full report, visit www.veracode.com/soss