
The patching treadmill: Why traditional application security is no longer enough

Why This Matters

The article highlights the limitations of traditional application security models, emphasizing that reactive find-and-fix approaches are increasingly ineffective in a fast-paced development environment. As continuous deployment accelerates, security must evolve to integrate into the code creation process itself, reducing vulnerability backlogs and improving overall resilience. This shift is crucial for the tech industry to keep pace with evolving threats and deliver more secure software to consumers.


ZDNET's key takeaways

Continuous deployment makes old security models feel obsolete.

Vulnerability backlogs are overwhelming development teams.

Application security needs to move toward code creation.

For all the time I've spent exercising on treadmills, I've always found them faintly demoralizing. You thump-thump-thump over and over again, but get nowhere. It's a lot of effort. You always work up a bit of a sweat, but ultimately feel unfulfilled. This feeling is reinforced the next day, when you have to do it all over again.

In many ways, application security is like that treadmill. Once the coding is done, security teams (or customers) find flaws. Scanning tools also find flaws, often resulting in reports that seem never-ending. Coders are constantly yanked away from new development to re-learn what they wrote, locate bugs, patch them, and release fixes.


But then, like on the treadmill, the cycle repeats when new code, new dependencies, and new vulnerabilities appear. Because, of course, they will.
