DevOps Articles

Survey: Organizations Knowingly Deploy Vulnerabilities

A survey published today by Synopsys, a provider of electronic design automation (EDA) and application security tools, finds nearly half (48%) of respondents admit they consciously push code with known vulnerabilities into production because of time constraints. Based on a survey of 378 cybersecurity professionals conducted by Enterprise Strategy Group (ESG) on behalf of Synopsys, the survey also finds 65% of respondents said developers in their organization are participating in a formal security training program. However, only a third (34%) are employing application security tools across more than three-quarters of their codebase.

As a result, more organizations are looking for application security tools that can be directly embedded within an integrated development environment (IDE), noted Carey. However, the fact that application security tools are shifting further left does not mean organization won’t also have to invest in other tools that are embedded within DevOps platforms that manage runtime deployments, added Carey.