Page 124 - Cyber Defense eMagazine January 2023
Solving The AppSec Dilemma Across the Entire SDLC
Why organizations should adopt an integrated and continuous approach to application security education
By Amy Baker, Security Education Evangelist, Security Journey
The software supply chain is under increasing threat. With nearly half of organizations predicted to experience at least one software supply chain attack by 2025, developers and AppSec teams are becoming an increasingly popular target for cybercriminals, who can wreak havoc, especially when they exploit well-known and easily fixed vulnerabilities. For instance, the now infamous ‘Log4Shell’ vulnerability left some of the world’s most commonly used applications and services open to attack and will reportedly ‘haunt the internet for years’. More recently, the OpenSSL vulnerability caused chaos when it threatened to be a serious security bug, despite also being one of the most common coding issues and easy to fix (a buffer overrun).
These vulnerabilities affect businesses and consumers alike, as made evident by recent Apple weaknesses that allowed hackers to take complete control of users’ devices. It’s time to prioritize security, but doing so will take dedication to secure coding training.
Insecure software is still rewarded
One reason the software supply chain remains vulnerable to security threats is that it effectively continues to reward insecure software. In his opening keynote of Black Hat 2022, Chris Krebs stated that security