JFrog Survey Surfaces Limited DevSecOps Gains - DevOps.com
Briefly

A global survey of 1,402 application developers, cybersecurity, and IT operations professionals reveals that 71% work for organizations permitting direct downloads of internet packages, a risky practice. Only 43% scan source code and binaries, and many lack visibility into software provenance. JFrog's Paul Davis notes the challenge of instilling trust in security practices within development teams, especially as organizations implement multiple security tools. Despite more than 33,000 critical vulnerabilities disclosed in 2024, JFrog found only 12% to be genuinely exploitable, which makes it unclear how often security tools are effective in real environments.
Despite the progress in DevSecOps, a recent survey reveals that 71% of developers still download packages from the internet, highlighting ongoing vulnerabilities in software security.
The survey indicates that less than half of organizations scan at the source code and binary levels, and 40% lack visibility into the software's provenance in production.
JFrog's Paul Davis emphasizes the need for better integration of security practices into development workflows to establish trust among application teams amidst numerous security tools.
In 2024, over 33,000 critical vulnerabilities were disclosed, yet JFrog found only a fraction of these high-profile CVEs were truly exploitable, raising questions about security tools.
Read at DevOps.com